Overview

overview

3

Static

static

3

gorshochek.zip

windows10-2004-x64

1

Analysis

  • max time kernel
    1580s
  • max time network
    1167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 07:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    gorshochek.zip

  • Size

    448KB

  • MD5

    06efbab49aa7202bf2523ec095a6e1ba

  • SHA1

    481eb6d48b4029d9eea13769fee5e74641051efd

  • SHA256

    49c16aebecdb9af4c51979e56842b819950af2a568351a95af4b8fa72f47f64b

  • SHA512

    c91b622a8b50fd9f9a2ffb3bfb28625b3ca2439d4d21a31a8dc72841084a8b8ba73b50f0839647964a7523b2cf5966e63c19a2387f2b762bec442c945c23dbc1

  • SSDEEP

    6144:Z8HdW20OW7tFMcxB9TH9d/gDtorIKtFVYcywbvtnpoTbmM7yoxOcUGLaGy0/Xy0c:W9fc74cxB9Jd/gfKlY+RAjrBLaY/3Kl

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\gorshochek.zip
    1⤵
      PID:2476
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2908
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:3632
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4224

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/4224-0-0x000001A65C240000-0x000001A65C250000-memory.dmp

                Filesize

                64KB

                Download

              • memory/4224-16-0x000001A65C340000-0x000001A65C350000-memory.dmp

                Filesize

                64KB

                Download

              • memory/4224-32-0x000001A664660000-0x000001A664661000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4224-34-0x000001A664690000-0x000001A664691000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4224-35-0x000001A664690000-0x000001A664691000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4224-36-0x000001A6647A0000-0x000001A6647A1000-memory.dmp

                Filesize

                4KB

                Download