b8fb3806d2bee2974374bf208c526eb46c42643f08b1ae129a805a3fa587bee1

Analysis

max time kernel
53s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8fb3806d2bee2974374bf208c526eb46c42643f08b1ae129a805a3fa587bee1.exe
Size

438KB
MD5

40718a5cda1492eec89b355ae5f9bee0
SHA1

a324585e89b74b2afa5e008a0a74cbc1734e1fde
SHA256

b8fb3806d2bee2974374bf208c526eb46c42643f08b1ae129a805a3fa587bee1
SHA512

c9d3d268fafd2ea023f07d53a44c098fcb111ad66f0943c858f930be388c6013e0df7400b8e9b24d3973e5717306d19a7f5559acf877b57bfeb15bf012f7212b
SSDEEP

12288:51i/ljo6d94Z2NC+H07HQP4pgIHy0/GqBcL4DGsxv3FAv:51i9Igs57HQPzIXGqy0K2tC

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1520	sgfgrig.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\sgfgrig.exe	b8fb3806d2bee2974374bf208c526eb46c42643f08b1ae129a805a3fa587bee1.exe
File created	C:\PROGRA~3\Mozilla\ogcwmgm.dll	sgfgrig.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1520	1568	taskeng.exe	29
PID 1568 wrote to memory of 1520	1568	taskeng.exe	29
PID 1568 wrote to memory of 1520	1568	taskeng.exe	29
PID 1568 wrote to memory of 1520	1568	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\b8fb3806d2bee2974374bf208c526eb46c42643f08b1ae129a805a3fa587bee1.exe
"C:\Users\Admin\AppData\Local\Temp\b8fb3806d2bee2974374bf208c526eb46c42643f08b1ae129a805a3fa587bee1.exe"
1⤵
- Drops file in Program Files directory
PID:1956

C:\Windows\system32\taskeng.exe
taskeng.exe {99AB19B4-A4D1-4EDA-A6FB-F49C6A9B356D} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1568
- C:\PROGRA~3\Mozilla\sgfgrig.exe
  C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
438KB

MD5
1144f858ed62689c7db26d86b1066a0a

SHA1
ece093868414a6ccb69e3d924f9f617143d8f07f

SHA256
2b4468eca2d9c7c828dcd3397f95f75aa1d9295d57dcb96c4866aad1736e4323

SHA512
6cdc5f71d056e527ebb21f62618366125b2ecc3d688c780a268f2c29bd5aaaf64767d0bf795505bbd6c202038489ccd2c03fde8392921c79a2de319db88b3bf3

Download Submit
C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
438KB

MD5
1144f858ed62689c7db26d86b1066a0a

SHA1
ece093868414a6ccb69e3d924f9f617143d8f07f

SHA256
2b4468eca2d9c7c828dcd3397f95f75aa1d9295d57dcb96c4866aad1736e4323

SHA512
6cdc5f71d056e527ebb21f62618366125b2ecc3d688c780a268f2c29bd5aaaf64767d0bf795505bbd6c202038489ccd2c03fde8392921c79a2de319db88b3bf3

Download Submit
memory/1956-54-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1956-55-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1956-56-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download