Overview

overview

10

Static

static

file.exe

windows7-x64

1

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2023 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    2.0MB

  • MD5

    d1a1c0cec984bdafdb412d42f159f816

  • SHA1

    06d4c6cde7311fe0bcbd25bf85b04ec249277780

  • SHA256

    97b357375a52567547a6b5f537d6cccafcf3217fdad3024ea2d654795539bdbd

  • SHA512

    eb267b0a2a8228a2a8cd7f7cd8e5f4fb58d2a83ee373ecb729476301f48a82339e8e44957d00ab4fb4adbbb744df7aa8ba489cfa2d3b163f32ad8605c253c6ef

  • SSDEEP

    49152:YzNVaV444444444444444444444444444444444444444444444444444444444H:Yzhok8y9vWn3Z3r9Weg

Score
10/10
lgoogloaderdownloader

Malware Config

Signatures

  • Detects LgoogLoader payload 1 IoCs
  • LgoogLoader

    A downloader capable of dropping and executing other malware families.

    downloaderlgoogloader
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4084
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
      2⤵
        PID:4856
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 1108
        2⤵
        • Program crash
        PID:3276
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 1256
        2⤵
        • Program crash
        PID:4248
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4084 -ip 4084
      1⤵
        PID:4808
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4084 -ip 4084
        1⤵
          PID:1308

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4084-132-0x00000000036F0000-0x000000000388A000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4084-133-0x000000000F470000-0x000000000F731000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/4084-134-0x000000000F470000-0x000000000F731000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/4084-143-0x00000000036F0000-0x000000000388A000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4856-135-0x0000000000000000-mapping.dmp

          Download

        • memory/4856-136-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4856-138-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4856-139-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4856-140-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4856-141-0x0000000000AA0000-0x0000000000AA9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4856-142-0x0000000000EE0000-0x0000000000EED000-memory.dmp

          Filesize

          52KB

          Download