Analysis

  • max time kernel
    144s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    31/10/2024, 15:06

General

  • Target

    Saphire 2020/Read me.txt

  • Size

    345B

  • MD5

    b922fdaac17a8123e7c058620a6e7b4e

  • SHA1

    4af8a35d6ad8e27d087ff096050e44c57181b9af

  • SHA256

    a441d2fb4b02c7a01c8f519cce965aea50f5cf70297769a72086ffd9aa26c664

  • SHA512

    783b82525411030c6325fb619bdf553b3981574b65a010fd07d5a589fa3c1e82069813993e6cd5eda0940e5bf3b53145d62d5819b385ad849e2fc336f759045d

Score
1/10

Signatures

  • Suspicious behavior: LoadsDriver 6 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Saphire 2020\Read me.txt"
      PID:4984
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
        PID:1624
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
          PID:4328
