5b8c16d90c48d63df554556f799752f0f925aa154341a1f92b9dd3daea3fa641

Analysis

max time kernel
173s
max time network
183s
platform
windows10-1703_x64
resource
win10-20230220-de
resource tags

arch:x64arch:x86image:win10-20230220-delocale:de-deos:windows10-1703-x64systemwindows
submitted
19/04/2023, 23:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

GatorXsetup.exe
Size

24.9MB
MD5

8254667aadd6c20528f705594dade738
SHA1

a20580cb1d004fdde76f4c4500fde97225232a43
SHA256

5b8c16d90c48d63df554556f799752f0f925aa154341a1f92b9dd3daea3fa641
SHA512

ed4129e4c524f380d25ef84803a768868c14a55d2c20543512a60eea6889da3cb9628147b85e55ed69a9ec84fff6816cbd578c7c71fce3ee1b5d5dd1f7f8c2da
SSDEEP

393216:tTglWGYncIO0CXydpwoLW7SBUNLSv9p907rdYbNvhdiVty2GtALKlfzAZJwA2i+G:tyIXCCQo8VK9L0vdGCVtLeALKFzBA2ij

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3604	GatorXsetup.exe
3652	GatorXsetup.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3652	GatorXsetup.exe

C:\Users\Admin\AppData\Local\Temp\GatorXsetup.exe
"C:\Users\Admin\AppData\Local\Temp\GatorXsetup.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\GatorXsetup.exe
"C:\Users\Admin\AppData\Local\Temp\GatorXsetup.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\Deutsch.ifl

Filesize
3KB

MD5
981077ef92410cbf204c59e5465de5dd

SHA1
ad253930fd3a5edd8a81dc473f89132ff2243699

SHA256
a792f4f5edee0e158798b75b82f6ac720e51957498450161b04ee812101f801c

SHA512
3f1e30cd667a658f3a2f1388efbd712b57cc5b028de431fd995d8ff376734a8e7ec62a686502761c03214eded30b0ab445d0762b58e5d24663cd25ef8749725c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\OS.dat

Filesize
194B

MD5
82d053f1ee6c5185efadfe95e3150474

SHA1
ae21584f4d37b4963be32f3cb6f5dcc22f582858

SHA256
032555b4e37952b7c27e9bc3674bb4df86972591da67a7111f27d5dc1662f1cc

SHA512
bae2aab27ecb2403791bb1ae631cd488f3916469c3c20f71411ba3fd259c9e61834819c6ae816d8fe0baaab8a077810dc94578b2afccfe64900f5df9590f0b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\SC.dat

Filesize
843B

MD5
b652e2327d7be57bd827161bcdc73414

SHA1
03627957747a25347fd64c37e1b3025f1f5b9573

SHA256
6bc338b652e77ba8d0f4207654419c91fa7fcd3711dc077534b0f3118fde9d11

SHA512
ad789861a53a0e0426b0358cdf0bab87383da03a61cf6ea9147c358bfe199d5504a625d57fb73df1238297310a143f2e987a2509300964f48d4a042cad780ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\headerImage.dat

Filesize
4KB

MD5
4ae65ba99fb788d962860ec9ed14f2a7

SHA1
9d89fc4df5cb45232c4f6b514855de723d5b4809

SHA256
6d118dc765ed52458079f8f588b7e144b02aa8e564f06726aade9ca7d77ef0a3

SHA512
a5d593f69f38e9907628b0ab8ecb7ff79af0c8a0223b3fad7d9ed7361fc3f202f16a13280ebc52587e616206e3aef641e6a0294a7e574321a2ce41bab9871a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\languages.dat

Filesize
49B

MD5
d38d005d9c45166c969e06a6451d6d28

SHA1
ad82af163527fc7b684c5cc0b66f88a9646c8b9d

SHA256
4c1fb01c2036d2b82fa2135d64973fba4dab677f9e27c9a1c6d59fd0f7593752

SHA512
711a1777d8c5656a744533df192541ff52a84e2c38379ecf9bd834f87aa62484ad43ed0adea86413dee225e691db6db58586ced1ef53c42fd32216ebf24635a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\licence.rtf

Filesize
11KB

MD5
5fb381134e847feef191b2d4541373e6

SHA1
bd181b014408e9cf58d1c976305b17680fbdffef

SHA256
651654b5e02e6aff69cdca2c6c981f149a4779461db35471bf66ab6378bb7668

SHA512
d64a1cf6cbf7f38855f9d0e683e4994099908a89814af2349a758e2455deed74c92a999de7173d37c1ff2716f3033c270f8b531a9ed03965ce9d21f849e93d95

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\setupArchive.archive

Filesize
24.2MB

MD5
32a599677d56829166c248f1a5d1ce41

SHA1
eff4c707d6843e58e80e2320852cd8079596c966

SHA256
e84a46da161f3adeaaf8f65babfa2b48a3a4ef42456f834384851e93c5767263

SHA512
e745e0a8afd2267498638e6067e26bef3fdfe8eb07fa6ef68a20d832ec4c45601dba7e5703884c805143a3d50501de44da888d05e78a761203ffb551a30c2d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\setupConfiguration.archive

Filesize
11KB

MD5
23a4f8a1bd80519d45e8d30c72141563

SHA1
7f6f91d21759cca4b12b5b76b75c0e1ec079b76d

SHA256
7ed6d4a6fc751b99672ec6337e48b3826d1e25490106535e44a62125a3406652

SHA512
4896e2297393343e52b55acb72bb3270e6a414873087ab64b1b8213c0087df127c1ee03af986d9e3619c67e0ec5b7cb43430950f4c311aec599f462ae51ae2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{C2311752-8C56-48E8-A862-B36446AF83AB}\wizardImage.dat

Filesize
25KB

MD5
b6310faff75fb733769fe62ebeebffb3

SHA1
e5bc498c59a8f7dfee8d9d841f4a7cd5fdd3b37e

SHA256
d148dc2569e9abc4b4da650b1920ef1ffdc10bbd6bc2e20a97ce44b1f9f78aea

SHA512
6bff0d58cdaa48a827f36602623b53fcbd5f0912b4e2219db4153a03a02c52ed6dc4de5f4b3843af13e22f4e51daafd9057b3c5fd6992c6ed1dee79963646c30

Download Submit