Analysis
-
max time kernel
91s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
16/06/2024, 09:46
General
-
Target
c86218367d0caf1b3939762afbb20f97e941da48d10725eb49239126dacd2422.exe
-
Size
4.2MB
-
MD5
ccd45a73d555f6a89b06924e150680e5
-
SHA1
29c5b9112eff6078f78926a62c2a3387dc292db1
-
SHA256
c86218367d0caf1b3939762afbb20f97e941da48d10725eb49239126dacd2422
-
SHA512
f98f7eea29dc1d2c0f859035ddbdcca430133817b62ca6bb29881fc8acfc8cd17852770db0a320bea8169cd1307c87dde72ca2f7460d99425798f9ee29e11245
-
SSDEEP
49152:uh0L6UQC+fua+hyHdzy8XkH5DaJc9zOPoze8MoRwFS0bM1qck0zdB0VF1NVm:uyL6Uouxhf9zOPozzE0zqV
Score
1/10
Malware Config
Signatures
-
GoLang User-Agent 2 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c86218367d0caf1b3939762afbb20f97e941da48d10725eb49239126dacd2422.exe"C:\Users\Admin\AppData\Local\Temp\c86218367d0caf1b3939762afbb20f97e941da48d10725eb49239126dacd2422.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c "reg add \"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" /v WinUpdate /t REG_SZ /d \"C:\Users\Admin\AppData\Local\Temp\c86218367d0caf1b3939762afbb20f97e941da48d10725eb49239126dacd2422.exe\""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add \"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" /v WinUpdate /t REG_SZ /d \"C:\Users\Admin\AppData\Local\Temp\c86218367d0caf1b3939762afbb20f97e941da48d10725eb49239126dacd2422.exe\"3⤵
-
-