Analysis

  • max time kernel
    90s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-01-2023 20:17

General

  • Target

    67c31c5794f8158756745a674e28f5412c81f3109d1af2cbcc2ad91f649ed954.exe

  • Size

    1.9MB

  • MD5

    51db87bd259c144a2f8502be3a964d32

  • SHA1

    999cdf0c67555c620da7c311d4be77fb19932b59

  • SHA256

    67c31c5794f8158756745a674e28f5412c81f3109d1af2cbcc2ad91f649ed954

  • SHA512

    0873340d9b0d683a8fea0ab61ef6e3931bf93de78a6b64ff2337a831bda982aa9cead3105a6876275b0f3f67f9c0131e9400e4ded69ab55278aea524c36397b0

  • SSDEEP

    49152:JaBIOU793vSNKyqwTyxRLloBY/2Aq7ppL99YZnfXT:JHzx36NKylTyxRLlmY/2Aq9pL4Znfj

Score
10/10

Malware Config

Signatures

  • Detects LgoogLoader payload 1 IoCs
  • LgoogLoader

    A downloader capable of dropping and executing other malware families.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67c31c5794f8158756745a674e28f5412c81f3109d1af2cbcc2ad91f649ed954.exe
    "C:\Users\Admin\AppData\Local\Temp\67c31c5794f8158756745a674e28f5412c81f3109d1af2cbcc2ad91f649ed954.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
      2⤵
      PID:3536
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
      2⤵
      PID:404
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
      2⤵
      PID:4604
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
      2⤵
      PID:1284

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1284-142-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize: 208KB
  • memory/1284-139-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize: 208KB
  • memory/1284-141-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize: 208KB
  • memory/1284-144-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize: 208KB
  • memory/1284-145-0x0000000000E30000-0x0000000000E39000-memory.dmp
    Filesize: 36KB
  • memory/1284-146-0x0000000000E50000-0x0000000000E5D000-memory.dmp
    Filesize: 52KB
  • memory/5080-134-0x000000000DBA0000-0x000000000DE52000-memory.dmp
    Filesize: 2.7MB
  • memory/5080-133-0x0000000003264000-0x00000000033F1000-memory.dmp
    Filesize: 1.6MB
  • memory/5080-132-0x000000000DBA0000-0x000000000DE52000-memory.dmp
    Filesize: 2.7MB
  • memory/5080-143-0x0000000003264000-0x00000000033F1000-memory.dmp
    Filesize: 1.6MB