Analysis
-
max time kernel
74s -
max time network
80s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
-
submitted
27/06/2024, 10:41
General
-
Target
rick.zip
-
Size
477B
-
MD5
108d4862f0461ac7398741f15b355b19
-
SHA1
cb34a88604cf37b686b9b2d0bf7eebec12b1ab86
-
SHA256
453e20ce15c16dbd858ed422f9962c2bde7cd9ca45837eecb9096c66731809d3
-
SHA512
b990b78c629c206ded2dec6e2e7a3e3524020773d87260480094944dc8dd470482ef79073bbfea77e882fb3e217447ee6de63f7b54862e48470df8434ad16c39
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 26 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\rick.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 6922⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB