587b11d6259576ee021ba66d4365b6d076b9759f2ba42c68bb967b8c3370c4f2

Analysis

max time kernel
52s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

587b11d6259576ee021ba66d4365b6d076b9759f2ba42c68bb967b8c3370c4f2.exe
Size

329KB
MD5

96a9d5bb0c40c5a1f8fa5508f03ede20
SHA1

b8a3c24c56f47bc7987791a7ebc75ae49a993441
SHA256

587b11d6259576ee021ba66d4365b6d076b9759f2ba42c68bb967b8c3370c4f2
SHA512

ce9d42af0b696844d5190760585544b0d843e722e8858a82ede6c41385eb7f55324f5a71c3c0a4e871191488910ed680f6cca852a33e65dc88a1660f826237a4
SSDEEP

6144:VnVuleEtUSDDF9HMqvRlbfEtc2BI9hxCjem25BBGCVfHg9REQn9tt18:poVHsqvQNaYjemuOCZeR9n9S

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
948	sgfgrig.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\sgfgrig.exe	587b11d6259576ee021ba66d4365b6d076b9759f2ba42c68bb967b8c3370c4f2.exe
File created	C:\PROGRA~3\Mozilla\ogcwmgm.dll	sgfgrig.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 948	1948	taskeng.exe	28
PID 1948 wrote to memory of 948	1948	taskeng.exe	28
PID 1948 wrote to memory of 948	1948	taskeng.exe	28
PID 1948 wrote to memory of 948	1948	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\587b11d6259576ee021ba66d4365b6d076b9759f2ba42c68bb967b8c3370c4f2.exe
"C:\Users\Admin\AppData\Local\Temp\587b11d6259576ee021ba66d4365b6d076b9759f2ba42c68bb967b8c3370c4f2.exe"
1⤵
- Drops file in Program Files directory
PID:892

C:\Windows\system32\taskeng.exe
taskeng.exe {B12956E0-5F0D-489A-A16D-B24AC615D87D} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\PROGRA~3\Mozilla\sgfgrig.exe
  C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
329KB

MD5
25c698308bc25d358ade803220404b93

SHA1
49ee8d7a78e9dd77addfea364e4c4130b77db25a

SHA256
0838e57b877edc78bfd0314efcebc69c812a403c47fffeab5bea9e55e5a4bf7d

SHA512
9757836cf48903586635c391032f19db8c980f1ee04d2f2a34b585ca2e30e60f8781c545fbd7bb2807e03397e81ca7ceb91089facf9576833d70de7c9ffdc626

Download Submit
C:\PROGRA~3\Mozilla\sgfgrig.exe

Filesize
329KB

MD5
25c698308bc25d358ade803220404b93

SHA1
49ee8d7a78e9dd77addfea364e4c4130b77db25a

SHA256
0838e57b877edc78bfd0314efcebc69c812a403c47fffeab5bea9e55e5a4bf7d

SHA512
9757836cf48903586635c391032f19db8c980f1ee04d2f2a34b585ca2e30e60f8781c545fbd7bb2807e03397e81ca7ceb91089facf9576833d70de7c9ffdc626

Download Submit
memory/892-54-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/892-55-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download
memory/892-56-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/948-62-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/948-64-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download