9b33e9cdde88b51ed95e860bf563b6f3374220b4a86c7658158e9512bbec20ee

Analysis

max time kernel
58s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 01:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b33e9cdde88b51ed95e860bf563b6f3374220b4a86c7658158e9512bbec20ee.exe
Size

144KB
MD5

026ce60e8bd2e751ccf4291569e25000
SHA1

d6dc9032a195ce954a6e8f40003f577c5fd738e6
SHA256

9b33e9cdde88b51ed95e860bf563b6f3374220b4a86c7658158e9512bbec20ee
SHA512

8666be5eea143a06d561438273767cbea000168da71e8cf668199ee3d94328a734c43da0d654461f2afda4e3476216ddd26fc1229048fdd527dc7ef26c1ca977
SSDEEP

3072:bEBH9p/3K+AEkzgXrGqJM4qd3bGjhkqsXN1:U9pTAEkz6rGq4Bbq2T

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2028	sgfgrig.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ogcwmgm.dll	sgfgrig.exe
File created	C:\PROGRA~3\Mozilla\sgfgrig.exe	9b33e9cdde88b51ed95e860bf563b6f3374220b4a86c7658158e9512bbec20ee.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2028	1088	taskeng.exe	28
PID 1088 wrote to memory of 2028	1088	taskeng.exe	28
PID 1088 wrote to memory of 2028	1088	taskeng.exe	28
PID 1088 wrote to memory of 2028	1088	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\9b33e9cdde88b51ed95e860bf563b6f3374220b4a86c7658158e9512bbec20ee.exe
"C:\Users\Admin\AppData\Local\Temp\9b33e9cdde88b51ed95e860bf563b6f3374220b4a86c7658158e9512bbec20ee.exe"
1⤵
- Drops file in Program Files directory
PID:360

C:\Windows\system32\taskeng.exe
taskeng.exe {641DB269-0BA9-4740-979A-4DDF0B4220C1} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\PROGRA~3\Mozilla\sgfgrig.exe
  C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
144KB

MD5
c64ccdf9763e0bfcf3d5846bc23b331a

SHA1
0a62a5f7d7a5156342c709469d6bec22abfd5384

SHA256
e807619cb94e8909ea0fbbfb2311aa1e8db27aea0b6dbeb3e683c60b35627efb

SHA512
659da3a6f104cab1bba353df77b5434f0aa3d9ff44f67e31662744ad516fd04002174242d6a9a4c0e28d58a6f35532b3e134ca5fa1252a7cf8afdbea936d4648

Download Submit
C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
144KB

MD5
c64ccdf9763e0bfcf3d5846bc23b331a

SHA1
0a62a5f7d7a5156342c709469d6bec22abfd5384

SHA256
e807619cb94e8909ea0fbbfb2311aa1e8db27aea0b6dbeb3e683c60b35627efb

SHA512
659da3a6f104cab1bba353df77b5434f0aa3d9ff44f67e31662744ad516fd04002174242d6a9a4c0e28d58a6f35532b3e134ca5fa1252a7cf8afdbea936d4648

Download Submit
memory/360-54-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/360-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download
memory/360-56-0x0000000000320000-0x000000000037B000-memory.dmp

Filesize
364KB

Download
memory/2028-64-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2028-66-0x0000000000220000-0x000000000027B000-memory.dmp

Filesize
364KB

Download