Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
24-01-2024 09:09
General
-
Target
71d43582dc0c77823ddbc2905d802f63.exe
-
Size
40KB
-
MD5
71d43582dc0c77823ddbc2905d802f63
-
SHA1
b9aeecaedd7e8281fe8f8a16630087bd237ebb21
-
SHA256
18f1b71b907e06bef637b988f686e9d49614d06d6d83715fcbc66c3bb48dfbb8
-
SHA512
2d6b004c3ed0b2e5fb4df93cb383b85de0fea2422e09260286636c3060c67645d015b7741a219a8fd3f3f02bae8bc17e76df060415d742aba3ad19faea5cf1c8
-
SSDEEP
768:2Jgjz3Ge4FlgZyiaCSedw1fpSmBEqxr6J4wtk:2Jgjz3J4FlgASdK/ZBStk
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\71d43582dc0c77823ddbc2905d802f63.exe"C:\Users\Admin\AppData\Local\Temp\71d43582dc0c77823ddbc2905d802f63.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{AD986A2C-C361-BB7B-44D6-2FBF9C087381}" /f2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\71D435~1.EXE > nul2⤵
-