Analysis
-
max time kernel
16s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
14/06/2024, 17:44
General
-
Target
External-Base.exe
-
Size
498KB
-
MD5
81316e7025a76a820a975dd32d084a58
-
SHA1
c9a0ffb940833f09e5e567bb98c49ee6c9fc56b8
-
SHA256
4fb79b84ca9d112cbbc54230154dd0c7bd0c7d504f635b132b46fba114e9157f
-
SHA512
ff899553d5babfb84790f392097c2d128ccb6f6bcee850dc9ba13f3810da417189214d5ae5f03dccfea444f4ab6bd017f4a7f86fa9ac20792fb0c61279c2bece
-
SSDEEP
6144:nghupFT5dM0WrnH7be+x1DQcaUEAorYtnj0++KI2VR9y/+SOAxFtIWl3P0MrCYFW:ghyXjWrbzj0+rW+6NP0wU2CH
Score
8/10
Malware Config
Signatures
-
Sets service image path in registry 2 TTPs 1 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\External-Base.exe"C:\Users\Admin\AppData\Local\Temp\External-Base.exe"1⤵
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken