6e15f969f2803eb329abc8188ccc0e72876113d9698b7f428f9cdd9c0b041e40

Analysis

max time kernel
59s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 13:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e15f969f2803eb329abc8188ccc0e72876113d9698b7f428f9cdd9c0b041e40.exe
Size

320KB
MD5

47259890e6d02089a52312564b3ccf90
SHA1

40cba7382452da2d554a6f9f52d832d87d22e262
SHA256

6e15f969f2803eb329abc8188ccc0e72876113d9698b7f428f9cdd9c0b041e40
SHA512

0d1dbd78ce3968eb85396e8bfe51d621b9eb69b7cb59749dccdcf3b92c7fbcec99ce4466d78228038de362d64582499b4bec1df2fdacc790e82b7d448fbbf515
SSDEEP

6144:CDJVazMKV31FdaQvXluxqU+A/0y+nt75voqQEnHv0CxN8H9RJPz7Dhz4:CDJM/bXntAh+nhZoqQEHvVIzJPzW

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
316	sgfgrig.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\sgfgrig.exe	6e15f969f2803eb329abc8188ccc0e72876113d9698b7f428f9cdd9c0b041e40.exe
File created	C:\PROGRA~3\Mozilla\ogcwmgm.dll	sgfgrig.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 316	956	taskeng.exe	29
PID 956 wrote to memory of 316	956	taskeng.exe	29
PID 956 wrote to memory of 316	956	taskeng.exe	29
PID 956 wrote to memory of 316	956	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\6e15f969f2803eb329abc8188ccc0e72876113d9698b7f428f9cdd9c0b041e40.exe
"C:\Users\Admin\AppData\Local\Temp\6e15f969f2803eb329abc8188ccc0e72876113d9698b7f428f9cdd9c0b041e40.exe"
1⤵
- Drops file in Program Files directory
PID:1208

C:\Windows\system32\taskeng.exe
taskeng.exe {7A87F41F-20DB-4085-8AC0-A58A30A5D213} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\PROGRA~3\Mozilla\sgfgrig.exe
  C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
320KB

MD5
931ee9e5ef996b706a6df9e8cd695534

SHA1
81c3371dfc3c1c49abe7ea8d713606c180ed7fd0

SHA256
cc8c54ec5c80cd8729e78f33856a892355c5d2ae4cb53bf0c51beef366485d6a

SHA512
806328a5a568707c4eaefec96da1939b1371ad9693427def73f0ac205b4bd52d3cbde6ea9fea696ed390a8e827ca4094c7f265f10045d84483af9fd05b4be789

Download Submit
C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
320KB

MD5
931ee9e5ef996b706a6df9e8cd695534

SHA1
81c3371dfc3c1c49abe7ea8d713606c180ed7fd0

SHA256
cc8c54ec5c80cd8729e78f33856a892355c5d2ae4cb53bf0c51beef366485d6a

SHA512
806328a5a568707c4eaefec96da1939b1371ad9693427def73f0ac205b4bd52d3cbde6ea9fea696ed390a8e827ca4094c7f265f10045d84483af9fd05b4be789

Download Submit
memory/316-64-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1208-54-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1208-55-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1208-56-0x0000000000220000-0x000000000027B000-memory.dmp

Filesize
364KB

Download