Analysis
-
max time kernel
0s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
06/06/2024, 19:52
General
-
Target
Walecz Ghost 0.50.rar
-
Size
2.0MB
-
MD5
67551e452dedbdcb644a6d22562f50d2
-
SHA1
748c9ed5611b0e2863e3ec7cfc4242a112cd83fe
-
SHA256
0ae587f12695ccafab2f0328dffa444e6208ecad24e8840a5928911e5414ab36
-
SHA512
cdeba756fba5f5f9ffbd115b25a6c3f079e46695acc9074049372ba8299077f27411a15ea6df086289c08054f3c41b7376c62c42c366d7cbee5e91cc0459103e
-
SSDEEP
49152:kiT6gJVgh2Hy9FV3ADNFteTltWe+zYhKk9XN/M3vDig:kiT3gh2HmV3melYe9gY9U3vDT
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Walecz Ghost 0.50.rar"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Walecz Ghost 0.50.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\7zO856BA9B7\Walecz.exe"C:\Users\Admin\AppData\Local\Temp\7zO856BA9B7\Walecz.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\7zO856E7DF7\Walecz.exe"C:\Users\Admin\AppData\Local\Temp\7zO856E7DF7\Walecz.exe"3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
149KB
MD507de826c94427c60f616d3620ab52ede
SHA1627530a0d21bc387934bc53f6261cd83ae98bd09
SHA256ef2ca749a5a531be17b418421c64b1c112d881013297b9143e33cccfd9957911
SHA512de6e42abe8f57e9f54b27e5df0e1c429b50a49d0f62908026c2bf220a2eab354331224881a0c03d30eb552b3898584c31e529c26ce247da1b651381853058a11