22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73

Analysis

max time kernel
57s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe
Size

211KB
MD5

69195b26668fda69e91402ff1be7ca20
SHA1

7ec9a3b8b9a45a4d15c038dc673f8381a7e186cf
SHA256

22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73
SHA512

43a6ae316c09fd6eddab6fc146d49d3e30fabc477dedae075d8503d27c38fa5f447b7f0b26c28708c49538eced8fff47bc213127a62d1c0c8f0053d7b1c82388
SSDEEP

3072:+c/1zMIQ+Q7VLRCYpzPUGmw3ag4afH+q6f15TGzhK1/zmKb:HMf+GVJzPX3ag4+HoLTGzIFmKb

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1252	sgfgrig.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\sgfgrig.exe	22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe
File created	C:\PROGRA~3\Mozilla\ogcwmgm.dll	sgfgrig.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1800	22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe
1252	sgfgrig.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1252	948	taskeng.exe	29
PID 948 wrote to memory of 1252	948	taskeng.exe	29
PID 948 wrote to memory of 1252	948	taskeng.exe	29
PID 948 wrote to memory of 1252	948	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe
"C:\Users\Admin\AppData\Local\Temp\22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:1800

C:\Windows\system32\taskeng.exe
taskeng.exe {99AB19B4-A4D1-4EDA-A6FB-F49C6A9B356D} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\PROGRA~3\Mozilla\sgfgrig.exe
  C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID:1252

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
211KB

MD5
87e0e021f2deac52a2e9dc786f0bd9fd

SHA1
6a5bfbc7eeabcc8ea486bd77a495db6dcc163084

SHA256
b7520393a063790a559c30118dcc4d96e1d7ed617bc0d1af7f3c679bdb280721

SHA512
5fd62e2745b6a124d2391f9701a12a30e4766ae0465e7a608828f5f3a9cc4ada64c6735763b95dfdddaa354cec719dc978f100c0fb053b73cbd6d53c0a280f81

Download Submit
C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
211KB

MD5
87e0e021f2deac52a2e9dc786f0bd9fd

SHA1
6a5bfbc7eeabcc8ea486bd77a495db6dcc163084

SHA256
b7520393a063790a559c30118dcc4d96e1d7ed617bc0d1af7f3c679bdb280721

SHA512
5fd62e2745b6a124d2391f9701a12a30e4766ae0465e7a608828f5f3a9cc4ada64c6735763b95dfdddaa354cec719dc978f100c0fb053b73cbd6d53c0a280f81

Download Submit
memory/1252-60-0x0000000000000000-mapping.dmp

Download
memory/1252-63-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1252-64-0x0000000000290000-0x00000000002EB000-memory.dmp

Filesize
364KB

Download
memory/1252-65-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1252-66-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1800-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1800-55-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1800-56-0x0000000000260000-0x00000000002BB000-memory.dmp

Filesize
364KB

Download
memory/1800-57-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1800-58-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download