Analysis
-
max time kernel
119s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
22/07/2024, 20:03
General
-
Target
gugjUpdater.exe
-
Size
679.3MB
-
MD5
110338c7214276a2f7eba4a9d43621a8
-
SHA1
849817945ff02ace87ee7ac5f6eb6f66a4cfe33c
-
SHA256
9cafa33cd3dafee4f4a02a2ad8d1a9121cfaeae6cde95f3da647cff7d3e4914d
-
SHA512
f41e0dd2268492cf672cffbcf88a4b8575fd8cf1ef8d938fa5a6cb8d5bfba28f994b42adb1863c70ac3cde112cf8e488cf2e04b0abe48bdae066e33616c5ac9c
-
SSDEEP
393216:tkfZ+0tsgG1a+OA0vBUJg+pw4Osi1FKT69NeBV8opaOm5TdhxJNKSYkL6nFn:4QpJMTJKr
Score
10/10
Malware Config
Signatures
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\gugjUpdater.exe"C:\Users\Admin\AppData\Local\Temp\gugjUpdater.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
104KB
-
Filesize
40KB
-
Filesize
19.8MB
-
Filesize
40KB
-
Filesize
160KB
-
Filesize
160KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
284KB
-
Filesize
1.7MB
-
Filesize
36KB
-
Filesize
4.0MB
-
Filesize
44KB
-
Filesize
284KB
-
Filesize
1.7MB