lgoogloader | a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9

Analysis

max time kernel
55s
max time network
73s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
03/01/2023, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
Size

1.9MB
MD5

966a5f0a7b3e96d37553e3d610a1ca06
SHA1

7c1f6841e0327320eb0ef2100bfd8ffe3e30813d
SHA256

a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9
SHA512

64faddde8416ce609a9a796b55a350c6d58f33a383c2b130e67a9dfa59514e68522bc18d2dacfe8446da2d16cf3f74a32d0f864db455c6174942199a9dd2d6f7
SSDEEP

49152:hdWMqICxUilUYX2UkjYQyYlwTMKuHEuqr:hYIUtkjYQZCMKOU

Score

10^/10

lgoogloader downloader

Malware Config

Signatures

Detects LgoogLoader payload 1 IoCs

resource	yara_rule
behavioral1/memory/4564-212-0x0000000000EF0000-0x0000000000EFD000-memory.dmp	family_lgoogloader

LgoogLoader
A downloader capable of dropping and executing other malware families.
downloader lgoogloader

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1968 set thread context of 4564	1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe	66

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3632	1968	WerFault.exe	65

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 4564	1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe	66
PID 1968 wrote to memory of 4564	1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe	66
PID 1968 wrote to memory of 4564	1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe	66
PID 1968 wrote to memory of 4564	1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe	66
PID 1968 wrote to memory of 4564	1968	a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe	66

C:\Users\Admin\AppData\Local\Temp\a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe
"C:\Users\Admin\AppData\Local\Temp\a0d5541207037da42fb775802def799429d666a0fd52bb034e825afa2c1a51e9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
  2⤵
  PID:4564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1156
  2⤵
  - Program crash
  PID:3632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-151-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-157-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-118-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-119-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-120-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-121-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-116-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-123-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-124-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-153-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-126-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-127-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-128-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-129-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-130-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-132-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-133-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-134-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-135-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-136-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-131-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-138-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-139-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-140-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-141-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-142-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-143-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-144-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-145-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-146-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-147-0x0000000003290000-0x0000000003436000-memory.dmp

Filesize
1.6MB

Download
memory/1968-148-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-149-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-150-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-122-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-117-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-125-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-154-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-155-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-156-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-152-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-158-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-159-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-160-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-161-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-162-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/1968-163-0x000000000E4B0000-0x000000000E753000-memory.dmp

Filesize
2.6MB

Download
memory/1968-164-0x000000000E4B0000-0x000000000E753000-memory.dmp

Filesize
2.6MB

Download
memory/1968-214-0x000000000E4B0000-0x000000000E753000-memory.dmp

Filesize
2.6MB

Download
memory/1968-213-0x0000000003290000-0x0000000003436000-memory.dmp

Filesize
1.6MB

Download
memory/1968-169-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-168-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-179-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-171-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-180-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-173-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-175-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-174-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4564-177-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-170-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-176-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-172-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-178-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-181-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-182-0x0000000077290000-0x000000007741E000-memory.dmp

Filesize
1.6MB

Download
memory/4564-210-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4564-211-0x0000000000ED0000-0x0000000000ED9000-memory.dmp

Filesize
36KB

Download
memory/4564-212-0x0000000000EF0000-0x0000000000EFD000-memory.dmp

Filesize
52KB

Download
memory/4564-167-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4564-165-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download