Overview

overview

7

Static

static

1

gauss.zip

windows7-x64

1

gauss.zip

windows10-2004-x64

1

ocx_dll/GAUSS_1

windows7-x64

1

ocx_dll/GAUSS_1

windows10-2004-x64

1

ttf/pldnrfn.ttf

windows7-x64

3

ttf/pldnrfn.ttf

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2024, 13:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gauss.zip

  • Size

    38KB

  • MD5

    9be52352b094381c69c272f5c49d116f

  • SHA1

    3b589c5603e79266d2bbef319303a192ec100d42

  • SHA256

    c09d6f6c1897021c13f272f4bd0646f097b748e6b9094844faa96f0c76b2323c

  • SHA512

    2da103d60ada05eca8645e39910cae474e59d5962d9268b4f05a665aeb357e852e15672457b1f7fd3c66777c9bbce438fb522574ff4440e2ae009b96f8076212

  • SSDEEP

    768:OKfzsiRsZI0oTzzeGoIb5dt++NL+x0xpjKTIfDE71m5V:Bfz1sDoSU1+xAoTIfDE7I

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\gauss.zip
    1⤵
      PID:4720
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:440
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4568

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4568-0-0x000001CD82240000-0x000001CD82250000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4568-16-0x000001CD82340000-0x000001CD82350000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4568-32-0x000001CD8A660000-0x000001CD8A661000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4568-34-0x000001CD8A690000-0x000001CD8A691000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4568-35-0x000001CD8A690000-0x000001CD8A691000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4568-36-0x000001CD8A7A0000-0x000001CD8A7A1000-memory.dmp

        Filesize

        4KB

        Download