Analysis
-
max time kernel
130s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
31-12-2023 07:00
General
-
Target
2c876c5d689ba90f34fc1e818d39a264.exe
-
Size
106KB
-
MD5
2c876c5d689ba90f34fc1e818d39a264
-
SHA1
b86c0b3762aed6733a18dedf8a7c5206142df6c7
-
SHA256
7eae0e8cb86ecaef58d21562bae574470dd2d056b299997417b97eaa6d90f670
-
SHA512
67e070f284bdf7957d840e900b4b6e6948b7651e737b2d7e792901d46e66002bf4d63caa180cf573d90ab04faebdc4186d71e6498c33fa3a1a2c76016677d956
-
SSDEEP
3072:gkWMvzjIc4Cw0Bkxo4yHckq6VqVMe7ws/Y:gyvzjIcukoyHZqlb5Y
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c876c5d689ba90f34fc1e818d39a264.exe"C:\Users\Admin\AppData\Local\Temp\2c876c5d689ba90f34fc1e818d39a264.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2C876C~1.EXE > nul2⤵
- Deletes itself
-
-
C:\Windows\SysWOW64\ggmiuy.exeC:\Windows\SysWOW64\ggmiuy.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
106KB
MD52c876c5d689ba90f34fc1e818d39a264
SHA1b86c0b3762aed6733a18dedf8a7c5206142df6c7
SHA2567eae0e8cb86ecaef58d21562bae574470dd2d056b299997417b97eaa6d90f670
SHA51267e070f284bdf7957d840e900b4b6e6948b7651e737b2d7e792901d46e66002bf4d63caa180cf573d90ab04faebdc4186d71e6498c33fa3a1a2c76016677d956