Analysis
-
max time kernel
338s -
max time network
512s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
07/05/2023, 18:11
General
-
Target
SGImini.exe
-
Size
30.6MB
-
MD5
ee470b6291fec8e84466d2b2bf62e20f
-
SHA1
2ca7c75dc2cd254ad608b7d18993b89bb57de087
-
SHA256
b302802afcf425b8620e9a1078598eaac8dcf5dedd3515e3b09d15ca46304bca
-
SHA512
bc1cfb3c14d174aba344b2ed545aa3fca087b0117d76c068a79d06533b539b6c427c0d6f57f95b074e75c3ae9a5a21bdc4bf7dd88a79ae2e79233cb97ce08d7d
-
SSDEEP
786432:AL/jqgODjcF6z+u9mqUbwvhpsk+WTqCfHD9oErI8Cs:ALuhGuwqmw5p8WnHDR5Cs
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks SCSI registry key(s) 3 TTPs 14 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies registry class 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SGImini.exe"C:\Users\Admin\AppData\Local\Temp\SGImini.exe"1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\~SkakJHBuY\SGIYX.exeC:\Users\Admin\AppData\Local\Temp\~SkakJHBuY\SGIYX.exe -mohong2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
23KB
MD50cb9c0329fefacfd49c0f76c41c12b42
SHA135f3503e41adb04bb61fdc7a6a111b06522f8655
SHA256173eea9ed8cfb54b85795b6de94dce01be1132ef7cfced9825a7632cb19c7c2d
SHA512461140c9bcc6cbb46f0e827b6079775ffd68ff76a9ed5788baa20e373ce84a8dfaecc8ed60fa28392002551cbbdb4fda3c954290f8a3a281c31ad7ba91345d55
-
Filesize
23KB
MD50cb9c0329fefacfd49c0f76c41c12b42
SHA135f3503e41adb04bb61fdc7a6a111b06522f8655
SHA256173eea9ed8cfb54b85795b6de94dce01be1132ef7cfced9825a7632cb19c7c2d
SHA512461140c9bcc6cbb46f0e827b6079775ffd68ff76a9ed5788baa20e373ce84a8dfaecc8ed60fa28392002551cbbdb4fda3c954290f8a3a281c31ad7ba91345d55
-
Filesize
483B
MD5d9f72c8bd0bdf1f485367ffd9c5bff43
SHA187da0a8051ce4dd7400cc2583067f1b0836220e1
SHA256a8f72e5586ccdccac62271b7137440d2c7dc3b23955b6a9c3e52202abce955e9
SHA5129535c8dc539d115a0f7961e4efa5b40f1d0d5c926e1be65b234f0fe765c80fb7772ad79688376bae885be2a282343430c1f757ad9f4ffa6bd96ab183f32cfb92
-
Filesize
883B
MD56b7742700aa4129510b8281cc9fdb2fb
SHA1d144c02a9b22a9e9026a49625022dea53ea1164f
SHA256244c7d9c2d58c1702cda27c62a213d0f603960160555a3da241f5ea087cae962
SHA5123c2baab522ca533955afd3d7cee1fd18e242e51555cffff91d474b1f099598bfc04c14219c3ade05e746dbe0025cfa8d5715b00c4263b2c904d0ca38daa9b1b5
-
Filesize
40KB
-
Filesize
71.4MB
-
Filesize
71.4MB
-
Filesize
71.4MB
-
Filesize
71.4MB
-
Filesize
4KB
-
Filesize
71.4MB
-
Filesize
71.4MB