Analysis
-
max time kernel
138s -
max time network
182s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
22-07-2021 02:26
General
-
Target
girlGirlBoys.jpg.dll
-
Size
1.2MB
-
MD5
765dd6425582672e4c2cca5929598848
-
SHA1
32284fcaeb0310f34a1b5fff46f4bd7e8e17251a
-
SHA256
0cdd088afc4cb6d2f0d39b6b05c49398309baafb38309cbe89f222eaa2042f86
-
SHA512
8349b824e6001b3cdc7f8d7fa332b2308c6a21c232f54c46bd537778e15214962a319478a790f0a0f5b640d25fb77e442bb92897c3a688fa7ebca496243711eb
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 1 IoCs
-
Discovers systems in the same network 1 TTPs 2 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\girlGirlBoys.jpg.dll2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\net.exenet view /all3⤵
- Discovers systems in the same network
-
C:\Windows\system32\net.exenet view /all /domain3⤵
- Discovers systems in the same network
-
C:\Windows\system32\nltest.exenltest /domain_trusts /all_trusts3⤵
-
C:\Windows\system32\net.exenet localgroup administrator3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrator4⤵
-
C:\Windows\system32\net.exenet group /domain admins3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 group /domain admins4⤵
-
C:\Windows\system32\regsvr32.exeregsvr32 /s "C:\Users\Admin\AppData\Local\Temp\girlGirlBoys.jpg.dll"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015MD5
2902de11e30dcc620b184e3bb0f0c1cb
SHA15d11d14a2558801a2688dc2d6dfad39ac294f222
SHA256e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544
SHA512efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015MD5
d0227d5862f3a50a958c8cdccdbc9b36
SHA1dc8ef55616ff15599184737ed350e660a825f102
SHA256637efffb68ff159c1de9434894b590b4f3e1dd1ac6e051263eb421d6c5b1070d
SHA512f4b71148de38ead0debf0daaa69377059a66bb0ff89bf455ea9861359ce55079b6359ee39f3d584661d63bc0a6420f34a378357288f5a35ddef3c48081452856
-
memory/748-60-0x0000000001F30000-0x0000000001F6E000-memory.dmpFilesize
248KB
-
memory/748-59-0x000007FEFB9A1000-0x000007FEFB9A3000-memory.dmpFilesize
8KB
-
memory/960-71-0x0000000000000000-mapping.dmp
-
memory/1108-62-0x000000013F5E77D8-mapping.dmp
-
memory/1108-63-0x000000013F3D0000-0x000000013F615000-memory.dmpFilesize
2.3MB
-
memory/1108-61-0x000000013F3D0000-0x000000013F615000-memory.dmpFilesize
2.3MB
-
memory/1484-74-0x0000000000000000-mapping.dmp
-
memory/1544-68-0x0000000000000000-mapping.dmp
-
memory/1692-70-0x0000000000000000-mapping.dmp
-
memory/1696-65-0x0000000001ED0000-0x0000000001F0E000-memory.dmpFilesize
248KB
-
memory/1700-72-0x0000000000000000-mapping.dmp
-
memory/1720-73-0x0000000000000000-mapping.dmp
-
memory/2040-69-0x0000000000000000-mapping.dmp