2194f49d4b349e23456b323abfc7167bf5927453590abd43cbdaca1dda9bcd68

Analysis

max time kernel
626s
max time network
631s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
19-03-2023 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Git2.zip
Size

7.3MB
MD5

35c1fb32c93adc5498e2e29bf7af4680
SHA1

a195535fa854f186a0fe1d74de24c26f110a5d44
SHA256

2194f49d4b349e23456b323abfc7167bf5927453590abd43cbdaca1dda9bcd68
SHA512

01c5a153e146272cad71207cb871e9de19d36f630329b9b5546f98257ea054d89b9b6e0a3669a86a5b4f67c8508061f010f0841d980f141423374b031f88c67f
SSDEEP

98304:h6Y2jb5ZT5CH0uzEDaLaBD0iH5n37cfrOHOFxFE2hhAOSBXcPZWPvb:B2xZ1e32N0iHFiTFEQA7DPT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2040	clifdthjsjkdgaoker.exe
524	GUI_MODERNISTA.exe
1972	sdfsdfs.exe

Loads dropped DLL 5 IoCs

pid	Process
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2040	clifdthjsjkdgaoker.exe
2040	clifdthjsjkdgaoker.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1972 set thread context of 1340	1972	sdfsdfs.exe	37

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1576	1972	WerFault.exe	35

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2040	clifdthjsjkdgaoker.exe
1340	AppLaunch.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	892	7zG.exe
Token: 35	892	7zG.exe
Token: SeSecurityPrivilege	892	7zG.exe
Token: SeSecurityPrivilege	892	7zG.exe
Token: SeDebugPrivilege	1340	AppLaunch.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
892	7zG.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1340	1972	sdfsdfs.exe	37
PID 1972 wrote to memory of 1576	1972	sdfsdfs.exe	38
PID 1972 wrote to memory of 1576	1972	sdfsdfs.exe	38
PID 1972 wrote to memory of 1576	1972	sdfsdfs.exe	38
PID 1972 wrote to memory of 1576	1972	sdfsdfs.exe	38

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Git2.zip
1⤵
PID:1124

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:1200

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Git2\" -spe -an -ai#7zMap20690:66:7zEvent21657
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:892

C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exe
"C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2040

C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exe
"C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exe"
1⤵
- Executes dropped EXE
PID:524

C:\Users\Admin\Desktop\Git2\sdfsdfs.exe
"C:\Users\Admin\Desktop\Git2\sdfsdfs.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 144
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exe

Filesize
53KB

MD5
6986f1d3d40626f825b3ebf0415fc54c

SHA1
4e498030af12be1c971aa8b06178c24266d39197

SHA256
7e84d74990b3b4a9807b3072a2637c0c7035b2e9bc4f6e603b9f1766172fbf3e

SHA512
02d095629b9fcd4d7e9b0e156adfd1da41e398848f7c37eb364dfac1636baa6933d95ffebe6083cd4eaafab09d341233ae4e83b47cfeb4e2dc73a30da85c822b

Download Submit
C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exe

Filesize
53KB

MD5
6986f1d3d40626f825b3ebf0415fc54c

SHA1
4e498030af12be1c971aa8b06178c24266d39197

SHA256
7e84d74990b3b4a9807b3072a2637c0c7035b2e9bc4f6e603b9f1766172fbf3e

SHA512
02d095629b9fcd4d7e9b0e156adfd1da41e398848f7c37eb364dfac1636baa6933d95ffebe6083cd4eaafab09d341233ae4e83b47cfeb4e2dc73a30da85c822b

Download Submit
C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exe

Filesize
7.5MB

MD5
fb0deff37fe12bbc4f0c1fe21e2d15ef

SHA1
180325b8b6e64638e167601c67cd9c53331ba9f6

SHA256
ece100b8240f7eb032cb319a019eba1552ac19f563a291cf8422b1090ccf9b76

SHA512
9fc013111994e943fd800abeb543563713eebebcd940b28973809a40d85271f0ed781dd95ca508e55788de2e2a575b1cb8734636f15b51a9d68f773b2cb4e73d

Download Submit
C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exe

Filesize
7.5MB

MD5
fb0deff37fe12bbc4f0c1fe21e2d15ef

SHA1
180325b8b6e64638e167601c67cd9c53331ba9f6

SHA256
ece100b8240f7eb032cb319a019eba1552ac19f563a291cf8422b1090ccf9b76

SHA512
9fc013111994e943fd800abeb543563713eebebcd940b28973809a40d85271f0ed781dd95ca508e55788de2e2a575b1cb8734636f15b51a9d68f773b2cb4e73d

Download Submit
C:\Users\Admin\Desktop\Git2\sdfsdfs.exe

Filesize
214KB

MD5
8882daf740d94819afcce024bce34a37

SHA1
4bdb80e664638201f393a49e5577886683d54662

SHA256
a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d

SHA512
6ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97

Download Submit
\Users\Admin\Desktop\Git2\sdfsdfs.exe

Filesize
214KB

MD5
8882daf740d94819afcce024bce34a37

SHA1
4bdb80e664638201f393a49e5577886683d54662

SHA256
a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d

SHA512
6ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97

Download Submit
\Users\Admin\Desktop\Git2\sdfsdfs.exe

Filesize
214KB

MD5
8882daf740d94819afcce024bce34a37

SHA1
4bdb80e664638201f393a49e5577886683d54662

SHA256
a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d

SHA512
6ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97

Download Submit
\Users\Admin\Desktop\Git2\sdfsdfs.exe

Filesize
214KB

MD5
8882daf740d94819afcce024bce34a37

SHA1
4bdb80e664638201f393a49e5577886683d54662

SHA256
a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d

SHA512
6ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97

Download Submit
\Users\Admin\Desktop\Git2\sdfsdfs.exe

Filesize
214KB

MD5
8882daf740d94819afcce024bce34a37

SHA1
4bdb80e664638201f393a49e5577886683d54662

SHA256
a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d

SHA512
6ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97

Download Submit
\Users\Admin\Desktop\Git2\sdfsdfs.exe

Filesize
214KB

MD5
8882daf740d94819afcce024bce34a37

SHA1
4bdb80e664638201f393a49e5577886683d54662

SHA256
a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d

SHA512
6ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97

Download Submit
memory/524-112-0x00000000043A0000-0x00000000043E0000-memory.dmp

Filesize
256KB

Download
memory/524-113-0x00000000043A0000-0x00000000043E0000-memory.dmp

Filesize
256KB

Download
memory/524-84-0x00000000003A0000-0x00000000003B4000-memory.dmp

Filesize
80KB

Download
memory/524-111-0x00000000043A0000-0x00000000043E0000-memory.dmp

Filesize
256KB

Download
memory/524-110-0x00000000043A0000-0x00000000043E0000-memory.dmp

Filesize
256KB

Download
memory/524-107-0x00000000043A0000-0x00000000043E0000-memory.dmp

Filesize
256KB

Download
memory/524-109-0x00000000043A0000-0x00000000043E0000-memory.dmp

Filesize
256KB

Download
memory/1340-72-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1340-73-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1340-108-0x0000000000630000-0x0000000000670000-memory.dmp

Filesize
256KB

Download
memory/1340-70-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1340-65-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1340-66-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2040-74-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2040-103-0x0000000000120000-0x0000000000CCB000-memory.dmp

Filesize
11.7MB

Download
memory/2040-99-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/2040-98-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/2040-92-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2040-89-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2040-87-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2040-86-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2040-77-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2040-101-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/2040-102-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/2040-96-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/2040-75-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2040-93-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2040-95-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/2040-90-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2040-88-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2040-82-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2040-85-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2040-83-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2040-76-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download