Analysis
-
max time kernel
626s -
max time network
631s -
platform
windows7_x64 -
resource
win7-20230220-es -
resource tags
-
submitted
19-03-2023 14:14
General
-
Target
Git2.zip
-
Size
7.3MB
-
MD5
35c1fb32c93adc5498e2e29bf7af4680
-
SHA1
a195535fa854f186a0fe1d74de24c26f110a5d44
-
SHA256
2194f49d4b349e23456b323abfc7167bf5927453590abd43cbdaca1dda9bcd68
-
SHA512
01c5a153e146272cad71207cb871e9de19d36f630329b9b5546f98257ea054d89b9b6e0a3669a86a5b4f67c8508061f010f0841d980f141423374b031f88c67f
-
SSDEEP
98304:h6Y2jb5ZT5CH0uzEDaLaBD0iH5n37cfrOHOFxFE2hhAOSBXcPZWPvb:B2xZ1e32N0iHFiTFEQA7DPT
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 5 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Git2.zip1⤵
-
C:\Windows\system32\verclsid.exe"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x4011⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Git2\" -spe -an -ai#7zMap20690:66:7zEvent216571⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exe"C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exe"C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\Git2\sdfsdfs.exe"C:\Users\Admin\Desktop\Git2\sdfsdfs.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 1442⤵
- Loads dropped DLL
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exeFilesize
53KB
MD56986f1d3d40626f825b3ebf0415fc54c
SHA14e498030af12be1c971aa8b06178c24266d39197
SHA2567e84d74990b3b4a9807b3072a2637c0c7035b2e9bc4f6e603b9f1766172fbf3e
SHA51202d095629b9fcd4d7e9b0e156adfd1da41e398848f7c37eb364dfac1636baa6933d95ffebe6083cd4eaafab09d341233ae4e83b47cfeb4e2dc73a30da85c822b
-
C:\Users\Admin\Desktop\Git2\GUI_MODERNISTA.exeFilesize
53KB
MD56986f1d3d40626f825b3ebf0415fc54c
SHA14e498030af12be1c971aa8b06178c24266d39197
SHA2567e84d74990b3b4a9807b3072a2637c0c7035b2e9bc4f6e603b9f1766172fbf3e
SHA51202d095629b9fcd4d7e9b0e156adfd1da41e398848f7c37eb364dfac1636baa6933d95ffebe6083cd4eaafab09d341233ae4e83b47cfeb4e2dc73a30da85c822b
-
C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exeFilesize
7.5MB
MD5fb0deff37fe12bbc4f0c1fe21e2d15ef
SHA1180325b8b6e64638e167601c67cd9c53331ba9f6
SHA256ece100b8240f7eb032cb319a019eba1552ac19f563a291cf8422b1090ccf9b76
SHA5129fc013111994e943fd800abeb543563713eebebcd940b28973809a40d85271f0ed781dd95ca508e55788de2e2a575b1cb8734636f15b51a9d68f773b2cb4e73d
-
C:\Users\Admin\Desktop\Git2\clifdthjsjkdgaoker.exeFilesize
7.5MB
MD5fb0deff37fe12bbc4f0c1fe21e2d15ef
SHA1180325b8b6e64638e167601c67cd9c53331ba9f6
SHA256ece100b8240f7eb032cb319a019eba1552ac19f563a291cf8422b1090ccf9b76
SHA5129fc013111994e943fd800abeb543563713eebebcd940b28973809a40d85271f0ed781dd95ca508e55788de2e2a575b1cb8734636f15b51a9d68f773b2cb4e73d
-
C:\Users\Admin\Desktop\Git2\sdfsdfs.exeFilesize
214KB
MD58882daf740d94819afcce024bce34a37
SHA14bdb80e664638201f393a49e5577886683d54662
SHA256a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d
SHA5126ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97
-
\Users\Admin\Desktop\Git2\sdfsdfs.exeFilesize
214KB
MD58882daf740d94819afcce024bce34a37
SHA14bdb80e664638201f393a49e5577886683d54662
SHA256a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d
SHA5126ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97
-
\Users\Admin\Desktop\Git2\sdfsdfs.exeFilesize
214KB
MD58882daf740d94819afcce024bce34a37
SHA14bdb80e664638201f393a49e5577886683d54662
SHA256a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d
SHA5126ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97
-
\Users\Admin\Desktop\Git2\sdfsdfs.exeFilesize
214KB
MD58882daf740d94819afcce024bce34a37
SHA14bdb80e664638201f393a49e5577886683d54662
SHA256a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d
SHA5126ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97
-
\Users\Admin\Desktop\Git2\sdfsdfs.exeFilesize
214KB
MD58882daf740d94819afcce024bce34a37
SHA14bdb80e664638201f393a49e5577886683d54662
SHA256a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d
SHA5126ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97
-
\Users\Admin\Desktop\Git2\sdfsdfs.exeFilesize
214KB
MD58882daf740d94819afcce024bce34a37
SHA14bdb80e664638201f393a49e5577886683d54662
SHA256a5ea48e864640a9562da03abdd54cfa617a4699cec0238299bdda5ccb28cfe8d
SHA5126ba0c7863713c4334ce511ee7ea7460ea6dacdb243008fae1556a3db7740e6ae53f30e03309f3cc3bf0394328f470a880bf8ed31ee7552ef47dd3823a6ef4c97
-
memory/524-112-0x00000000043A0000-0x00000000043E0000-memory.dmpFilesize
256KB
-
memory/524-113-0x00000000043A0000-0x00000000043E0000-memory.dmpFilesize
256KB
-
memory/524-84-0x00000000003A0000-0x00000000003B4000-memory.dmpFilesize
80KB
-
memory/524-111-0x00000000043A0000-0x00000000043E0000-memory.dmpFilesize
256KB
-
memory/524-110-0x00000000043A0000-0x00000000043E0000-memory.dmpFilesize
256KB
-
memory/524-107-0x00000000043A0000-0x00000000043E0000-memory.dmpFilesize
256KB
-
memory/524-109-0x00000000043A0000-0x00000000043E0000-memory.dmpFilesize
256KB
-
memory/1340-72-0x0000000000400000-0x0000000000428000-memory.dmpFilesize
160KB
-
memory/1340-73-0x0000000000400000-0x0000000000428000-memory.dmpFilesize
160KB
-
memory/1340-108-0x0000000000630000-0x0000000000670000-memory.dmpFilesize
256KB
-
memory/1340-70-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmpFilesize
4KB
-
memory/1340-65-0x0000000000400000-0x0000000000428000-memory.dmpFilesize
160KB
-
memory/1340-66-0x0000000000400000-0x0000000000428000-memory.dmpFilesize
160KB
-
memory/2040-74-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/2040-103-0x0000000000120000-0x0000000000CCB000-memory.dmpFilesize
11.7MB
-
memory/2040-99-0x0000000000D50000-0x0000000000D51000-memory.dmpFilesize
4KB
-
memory/2040-98-0x0000000000D50000-0x0000000000D51000-memory.dmpFilesize
4KB
-
memory/2040-92-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB
-
memory/2040-89-0x00000000000F0000-0x00000000000F1000-memory.dmpFilesize
4KB
-
memory/2040-87-0x00000000000E0000-0x00000000000E1000-memory.dmpFilesize
4KB
-
memory/2040-86-0x00000000000E0000-0x00000000000E1000-memory.dmpFilesize
4KB
-
memory/2040-77-0x00000000000D0000-0x00000000000D1000-memory.dmpFilesize
4KB
-
memory/2040-101-0x0000000000D60000-0x0000000000D61000-memory.dmpFilesize
4KB
-
memory/2040-102-0x0000000000D60000-0x0000000000D61000-memory.dmpFilesize
4KB
-
memory/2040-96-0x0000000000D40000-0x0000000000D41000-memory.dmpFilesize
4KB
-
memory/2040-75-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/2040-93-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB
-
memory/2040-95-0x0000000000D40000-0x0000000000D41000-memory.dmpFilesize
4KB
-
memory/2040-90-0x00000000000F0000-0x00000000000F1000-memory.dmpFilesize
4KB
-
memory/2040-88-0x00000000000F0000-0x00000000000F1000-memory.dmpFilesize
4KB
-
memory/2040-82-0x00000000000D0000-0x00000000000D1000-memory.dmpFilesize
4KB
-
memory/2040-85-0x00000000000E0000-0x00000000000E1000-memory.dmpFilesize
4KB
-
memory/2040-83-0x00000000000D0000-0x00000000000D1000-memory.dmpFilesize
4KB
-
memory/2040-76-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB