Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-06-2024 23:48

General

  • Target

    2024-06-01_2c676aba9a73be04bab27f85417c90a3_megazord.exe

  • Size

    65.6MB

  • MD5

    2c676aba9a73be04bab27f85417c90a3

  • SHA1

    093a36a8899bff64489e52911351d6f64362eb34

  • SHA256

    7a38d1a11669f0c9efa7531dcaf8cdce1a20293d1b916e57d90cb0eda260a86a

  • SHA512

    73168281a8f682e5067a6e166913daa5041fdebe961e1726c408dea39d41cb755479596894c1e6552cadad3192880f49b2f4f16d4f40ffaa2c12753835191e3d

  • SSDEEP

    393216:mAXhBQ9KO/+0250U/oGdNO2DfI0NhAxgo9fqJf27QM8QshTitNoTqNEnb89fKWG7:th0G0EnNO8fIFzkpQshTqrLV5FQ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing (the sample can refuse to run in selected locales).

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
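
The signature above only records that the Task Scheduler COM API was hit; what a responder wants next is the task definition the sample registered. The following is an added example, not part of the sandbox report or the sample itself: a Python triage of task-definition XML (the format the Task Scheduler 2.0 COM API registers, which `schtasks /query /tn <name> /xml` exports and which is stored under C:\Windows\System32\Tasks). It flags the two traits the signature describes, a trigger that fires at boot, logon or on a timer, and an action that executes from a user-writable directory such as %TEMP%, where this sample was launched from. The two task definitions, task names and paths are constructed for illustration.

```python
"""Triage Windows scheduled-task definitions for the persistence pattern the
sandbox signature describes: a task registered through the Task Scheduler
COM API that fires at boot/logon or on a timer and executes a binary from a
user-writable location. Added example; the task XML below is constructed."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Namespace of every Task Scheduler 2.0 definition (as exported by
# `schtasks /query /tn <name> /xml` or stored under %SystemRoot%\System32\Tasks).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Trigger elements that fire without any user action.
PERSISTENCE_TRIGGERS = {
    "BootTrigger": "runs at boot",
    "LogonTrigger": "runs at user logon",
    "TimeTrigger": "runs at a set time (optionally repeating)",
    "CalendarTrigger": "runs on a calendar schedule",
    "RegistrationTrigger": "runs as soon as the task is registered",
}

# Path fragments a standard user can write to; legitimate tasks rarely run from them.
USER_WRITABLE_HINTS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)


@dataclass
class TaskFinding:
    name: str
    triggers: list = field(default_factory=list)      # trigger element names seen
    commands: list = field(default_factory=list)      # "<Command> <Arguments>" per Exec action
    persistence: list = field(default_factory=list)   # human-readable trigger notes
    untrusted: list = field(default_factory=list)     # commands under user-writable paths

    @property
    def suspicious(self) -> bool:
        # Flag only when both traits coincide: fires on its own AND runs from a dropper-style path.
        return bool(self.persistence) and bool(self.untrusted)


def analyse_task_xml(name: str, xml_text: str) -> TaskFinding:
    """Parse one task definition and record its triggers and Exec actions."""
    root = ET.fromstring(xml_text)
    finding = TaskFinding(name=name)

    for trig in root.findall("t:Triggers/*", NS):
        local = trig.tag.rsplit("}", 1)[-1]           # strip the namespace prefix
        finding.triggers.append(local)
        if local in PERSISTENCE_TRIGGERS:
            finding.persistence.append(f"{local}: {PERSISTENCE_TRIGGERS[local]}")

    for exec_ in root.findall("t:Actions/t:Exec", NS):
        cmd = exec_.findtext("t:Command", default="", namespaces=NS).strip()
        args = exec_.findtext("t:Arguments", default="", namespaces=NS).strip()
        finding.commands.append(f"{cmd} {args}".strip())
        if any(h in cmd.lower() for h in USER_WRITABLE_HINTS):
            finding.untrusted.append(cmd)

    return finding


# Constructed sample, not taken from the report: what a dropper registering
# itself from %TEMP% to run at logon and every 30 minutes would look like.
SUSPICIOUS_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <TimeTrigger>
      <Repetition><Interval>PT30M</Interval></Repetition>
      <StartBoundary>2024-06-01T23:48:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Users\Admin\AppData\Local\Temp\updater.exe</Command>
      <Arguments>/silent</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed benign sample: a maintenance task running a system binary on a schedule.
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2024-01-01T03:00:00</StartBoundary>
      <ScheduleByWeek><WeeksInterval>1</WeeksInterval></ScheduleByWeek>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Windows\System32\cleanmgr.exe</Command><Arguments>/autoclean</Arguments></Exec>
  </Actions>
</Task>"""


def triage(tasks: dict) -> list:
    """Return findings for the tasks (name -> XML) that meet both persistence criteria."""
    return [f for f in (analyse_task_xml(n, x) for n, x in tasks.items()) if f.suspicious]


if __name__ == "__main__":
    for f in triage({"Updater": SUSPICIOUS_TASK_XML, "WeeklyCleanup": BENIGN_TASK_XML}):
        print(f"[!] {f.name}: {'; '.join(f.persistence)} | {', '.join(f.untrusted)}")
```

The benign task is deliberately not flagged even though it has a calendar trigger: most legitimate tasks fire on their own, so the trigger alone is noise. Requiring the action to execute from a user-writable path as well is what separates dropper persistence from Windows maintenance tasks. On a live host the same function can be fed the XML of every file under C:\Windows\System32\Tasks created after the sample's execution time.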

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_2c676aba9a73be04bab27f85417c90a3_megazord.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_2c676aba9a73be04bab27f85417c90a3_megazord.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:692

Network

MITRE ATT&CK Enterprise v15
