Analysis
-
max time kernel
74s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/12/2023, 09:50
General
-
Target
14f3c2ca9a36200a69ec835f1dbdd0a8.exe
-
Size
128KB
-
MD5
14f3c2ca9a36200a69ec835f1dbdd0a8
-
SHA1
303465bd52300e9ed92acf6badc091c35e909387
-
SHA256
53ea7c6dab0d1216300db433356ffdf3a52a2863c8a613f5ddeb1dc23813b462
-
SHA512
800954796ef36383c45f604459b1357c9b1803568d63fbaaf6f49780c4be2cdc1e161a310196619798f26566fe774a709947a983087b31d035144fdf81247bd4
-
SSDEEP
3072:NInFft2DayoSf9lIQvt7XSY8g+xwbUxjA:KFAay1l/17d8gpbajA
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\14f3c2ca9a36200a69ec835f1dbdd0a8.exe"C:\Users\Admin\AppData\Local\Temp\14f3c2ca9a36200a69ec835f1dbdd0a8.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\14F3C2~1.EXE > nul2⤵
- Deletes itself
-
-
C:\Windows\SysWOW64\ggmiuy.exeC:\Windows\SysWOW64\ggmiuy.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD514f3c2ca9a36200a69ec835f1dbdd0a8
SHA1303465bd52300e9ed92acf6badc091c35e909387
SHA25653ea7c6dab0d1216300db433356ffdf3a52a2863c8a613f5ddeb1dc23813b462
SHA512800954796ef36383c45f604459b1357c9b1803568d63fbaaf6f49780c4be2cdc1e161a310196619798f26566fe774a709947a983087b31d035144fdf81247bd4
-
Filesize
84KB