Resubmissions
Submitted          Analysis ID         Score
23-05-2022 16:11   220523-tnabzsefc2   10
23-05-2022 07:02   220523-ht7c5afdcp   1
12-01-2022 21:53   220112-1rtclaebfj   1
06-12-2021 22:05   211206-1zfrgafcbp   1
17-11-2021 23:36   211117-3lkvdaech7   1
Analysis
max time kernel: 51s
max time network: 144s
platform: windows10_x64
resource: win10-20220414-en
submitted: 23-05-2022 16:11
Static task: static1
Behavioral task: behavioral1
  Sample: Google.jpeg.exe
  Resource: win10-20220414-en
Behavioral task: behavioral2
  Sample: Google.jpeg.exe
  Resource: win10v2004-20220414-en
General
Target: Google.jpeg.exe
Size: 275KB
MD5: 74c4f24e9c025d55c4dd8aca8b91fce3
SHA1: 173d755e944666390540d6cb3d299567044de7d2
SHA256: 030340b93655a258d69c01e334877bb36a49a5fafd23927216020b99a3e3c738
SHA512: 3f6f9c4d6cee80366bf8660d2b2d4f0577d1ba378d3164070544bfb67530e83ad3a64165e8ad83ea18b9d07898cf80cae72b0b0654df76cf7ff769c8711dce06
Malware Config
Extracted
Family: colibri
Version: 1.2.0
traffic_doc: http://188.130.139.47/gate.php
Signatures
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata: ET MALWARE Win32/Colibri Loader Activity
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
  pid   process
  1840  Google.jpeg.exe
  1840  Google.jpeg.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
File                                                              Filesize
memory/1840-117-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-118-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-119-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-120-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-121-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-122-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-123-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-124-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-125-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-126-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-127-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-128-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-129-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-130-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-131-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-132-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-134-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-133-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-135-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-136-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-137-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-138-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-139-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-140-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-141-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-142-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-143-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-144-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-145-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-146-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-147-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-148-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-149-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-150-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-151-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-152-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-153-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-154-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-155-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-156-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-157-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-158-0x0000000000400000-0x000000000048C000-memory.dmp  560KB
memory/1840-159-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-160-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-161-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-162-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-163-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-164-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-165-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-166-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-167-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-168-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB
memory/1840-169-0x0000000077B40000-0x0000000077CCE000-memory.dmp  1.6MB