Analysis

  • max time kernel
    148s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    30/12/2023, 23:24

General

  • Target

    GT DeskSec-setup.exe

  • Size

    1.2MB

  • MD5

    03d48230684e8fba684acce379f66b40

  • SHA1

    eb85a745d720e4d527c3f369ae62ad956d234de0

  • SHA256

    d6084cdb05508aea5e12cf7cadaa39020e9092b6057e83698a2cec9e9bb1b13e

  • SHA512

    7af6f1320f5659b7fc57832c4bec6f9d9b05331e84023f2a49ad8c604fcbfdd856db00e965aef6f5ee52048ab88d3533c5a58b17742cd15f145de490b24a5a96

  • SSDEEP

    24576:upSJEeRfkQz1lSBlnobH3aVXS44Rk5vcn8i9b07B6xXMDsrRLIWPsun2Pu:MSJnfkC1lSB6bHt05vRs6BNg9IUF0u

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GT DeskSec-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\GT DeskSec-setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:3888

Network

        MITRE ATT&CK Enterprise v15
