4699a2986b40740bd63ea0ed18d92dee849e1603c29fe833316d4ce48df41d18

Resubmissions

19-03-2023 04:52

230319-fhfpxsha7s 7

Analysis

max time kernel
106s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2023 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gxscc-installer.exe
Size

271KB
MD5

cfb354740ceb1e2c407404eb8791f935
SHA1

989aeeb267549d0bbad1a4346169864f692434de
SHA256

4699a2986b40740bd63ea0ed18d92dee849e1603c29fe833316d4ce48df41d18
SHA512

31a806c101037ce1fb1b659889a856897b10e9c44c11403f0352ab5eabf4c0a4ee0d84882fccc1217ac2d1c4a259c8cf9574769d92297460a3e0a9b065429b70
SSDEEP

6144:z28A9q2W7oOx0IGynJFTJDUJZZVIx19AlBtwyL+BOCAVAAMhSchArG:S8poOx1FDUJ+b9Wr1qOCAWABK

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
832	gxscc.exe

Loads dropped DLL 2 IoCs

pid	Process
832	gxscc.exe
832	gxscc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\GXSCC\rcpcv.dll	gxscc-installer.exe
File created	C:\Program Files (x86)\GXSCC\GXSCCPreferences.bin	gxscc-installer.exe
File created	C:\Program Files (x86)\GXSCC\uninstall.exe	gxscc-installer.exe
File created	C:\Program Files (x86)\GXSCC\gxscc.exe	gxscc-installer.exe
File created	C:\Program Files (x86)\GXSCC\gxscc.ico	gxscc-installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
832	gxscc.exe
832	gxscc.exe

C:\Users\Admin\AppData\Local\Temp\gxscc-installer.exe
"C:\Users\Admin\AppData\Local\Temp\gxscc-installer.exe"
1⤵
- Drops file in Program Files directory
PID:4672

C:\Program Files (x86)\GXSCC\gxscc.exe
"C:\Program Files (x86)\GXSCC\gxscc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GXSCC\GXSCCPreferences.bin

Filesize
128B

MD5
f106bb3ee416dac223a0f4f15baf3cf5

SHA1
831b5d0de51b74ab7e92d0d1df60fac5bc2cc6d1

SHA256
0fb1fec4efc9fd32661f205dd0ea09d947a59c987e55d909ce3bdfb52f510fb2

SHA512
a96901541b3dbb45b505036d5fbc51b6bf8f88a300c7b4efd6a343f11ec456bc4a72c0810151020afe65e94ec1fa65b2a5b764e0e8079043bb8f970c95e427d9

Download Submit
C:\Program Files (x86)\GXSCC\gxscc.exe

Filesize
1.7MB

MD5
04a0c74639d5fabfca476dcbe04c70bc

SHA1
26e23b128aafd3b6f86a3422d1106835700d083b

SHA256
1eeeecf6ff72f34841983e05579114159748c70d0b3725d85af3301004992f7a

SHA512
2e59c4acede1a673dac6bb396c57ce40ec041369f0506239f4133123916007ecd5bd1efe8c2b8ce66334684e45b27850c8ff2c70495ed493f4b7fd842cd7bcd3

Download Submit
C:\Program Files (x86)\GXSCC\gxscc.exe

Filesize
1.7MB

MD5
04a0c74639d5fabfca476dcbe04c70bc

SHA1
26e23b128aafd3b6f86a3422d1106835700d083b

SHA256
1eeeecf6ff72f34841983e05579114159748c70d0b3725d85af3301004992f7a

SHA512
2e59c4acede1a673dac6bb396c57ce40ec041369f0506239f4133123916007ecd5bd1efe8c2b8ce66334684e45b27850c8ff2c70495ed493f4b7fd842cd7bcd3

Download Submit
C:\Program Files (x86)\GXSCC\rcpcv.dll

Filesize
80KB

MD5
6c3970de76fa277db88a809291113fd7

SHA1
4ac1358e1de9b1c088162b08a92e14360a19dbe3

SHA256
70765cfb2c97e5a9a5d2eb896c83529c08dc0d6f3da6f64cc067afc4b2f1edc8

SHA512
a37d66947deceea9b58c852d44dc8d424029fb8427b5459cc1aa6687b1c889dbac6f320b195428dcbbd4a244a4d37b56b0dbe259fb6a95de10d2cf9948f9b1a6

Download Submit
C:\Program Files (x86)\GXSCC\rcpcv.dll

Filesize
80KB

MD5
6c3970de76fa277db88a809291113fd7

SHA1
4ac1358e1de9b1c088162b08a92e14360a19dbe3

SHA256
70765cfb2c97e5a9a5d2eb896c83529c08dc0d6f3da6f64cc067afc4b2f1edc8

SHA512
a37d66947deceea9b58c852d44dc8d424029fb8427b5459cc1aa6687b1c889dbac6f320b195428dcbbd4a244a4d37b56b0dbe259fb6a95de10d2cf9948f9b1a6

Download Submit
C:\Program Files (x86)\GXSCC\rcpcv.dll

Filesize
80KB

MD5
6c3970de76fa277db88a809291113fd7

SHA1
4ac1358e1de9b1c088162b08a92e14360a19dbe3

SHA256
70765cfb2c97e5a9a5d2eb896c83529c08dc0d6f3da6f64cc067afc4b2f1edc8

SHA512
a37d66947deceea9b58c852d44dc8d424029fb8427b5459cc1aa6687b1c889dbac6f320b195428dcbbd4a244a4d37b56b0dbe259fb6a95de10d2cf9948f9b1a6

Download Submit
memory/832-148-0x0000000002990000-0x00000000029AC000-memory.dmp

Filesize
112KB

Download
memory/832-149-0x0000000002990000-0x00000000029AC000-memory.dmp

Filesize
112KB

Download