19b9a267a5b79913bf6a3a53cda83c3f7711cb6c879d48ccb97b4ed15c21fcf1

Analysis

max time kernel
127s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-06-2023 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mingw-w64-install.exe
Size

937KB
MD5

9670c3701f0b546ca63a3e6d7749e59e
SHA1

224af96ce7b76c4d27c8d44061b1bf633cdd4eb1
SHA256

19b9a267a5b79913bf6a3a53cda83c3f7711cb6c879d48ccb97b4ed15c21fcf1
SHA512

4a7376d1a0913ed649f2ec54121acf86c03aa42c4a8c1fbbca85a35097baa282940399dcb6a7fe7f9401c8215787116a9a8d4f426f05a85644099a334be4ac87
SSDEEP

24576:QQ9odX6E2ccOgz/HVdwpCdgyB7UqI5BuKmQn2:QQG6E2cRM/EpAgyWqI5BuKk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
324	mingw-w64-install.exe
324	mingw-w64-install.exe
324	mingw-w64-install.exe
324	mingw-w64-install.exe
324	mingw-w64-install.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
324	mingw-w64-install.exe
324	mingw-w64-install.exe
324	mingw-w64-install.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
324	mingw-w64-install.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	324	mingw-w64-install.exe

C:\Users\Admin\AppData\Local\Temp\mingw-w64-install.exe
"C:\Users\Admin\AppData\Local\Temp\mingw-w64-install.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\genteeF1\7zci.dll

Filesize
78KB

MD5
af3801f29002d8fa68ed44e0c7c4182d

SHA1
0c2566466fedda91ddb9460cd192cc16b9cb38bc

SHA256
65f7a03ab6775e08a89c595486ebe18e7ebf61705103a251f1bd5272956a3720

SHA512
ad27047fed24c0b1c02f0d9b922f53d982390bbe6d01812c68e972784c5652badadc7f4b929e2f6f8ec21709ac7bb132928aa02c556bd72442c04609fed4449c

Download Submit
\Users\Admin\AppData\Local\Temp\genteeF1\guig.dll

Filesize
20KB

MD5
d3f8c0334c19198a109e44d074dac5fd

SHA1
167716989a62b25e9fcf8e20d78e390a52e12077

SHA256
005c251c21d6a5ba1c3281e7b9f3b4f684d007e0c3486b34a545bb370d8420aa

SHA512
9c890e0af5b20ce9db4284e726ec0b05b2a9f18b909fb8e595edf3348a8f0d07d5238d85446a09e72e4faa2e2875beb52742d312e5163f48df4072b982801b51

Download Submit
\Users\Admin\AppData\Local\Temp\genteeF1\libeay32.dll

Filesize
1.3MB

MD5
246c1aa481fa369115e6f7bb1e460ced

SHA1
5a0f33c471005f71aa05967e2fcf04c9fbb2c0d2

SHA256
0c43b5100dd5823a163a385f020af9eb3eea53b5f78dae4f03f2ff0a24535c5c

SHA512
d1335c3376ee48fc6326b8a2f9fe869e6bb654611a3413980d232d1be186cb3f9a13b8a6c0431e1a61de74d630dd23531c6977e64115d06150bbb660e8f4095c

Download Submit
\Users\Admin\AppData\Local\Temp\genteeF1\ssleay32.dll

Filesize
327KB

MD5
cd850e46537054218d53ebe74a896500

SHA1
f981a656060f7f49dcb0f4855cccfeb26f96705d

SHA256
3275b53a5f3a39aa9348accd4b5f488a243f69c739a63fe34e947ce321be903d

SHA512
7c67cd6353ff15ef0668599fda3d9964537bd1937ed5488e34549fb0e2db1957a9f4c92672e84c1a181fdb24b69ac70d05841f20fba5f0e5ae6e40e4b15f5fb3

Download Submit
\Users\Admin\AppData\Local\Temp\genteert.dll

Filesize
60KB

MD5
6ce814fd1ad7ae07a9e462c26b3a0f69

SHA1
15f440c2a8498a4efe2d9ba0c6268fab4fb8e0a7

SHA256
54c0da1735bb1cb02b60c321de938488345f8d1d26bf389c8cb2acad5d01b831

SHA512
e5cff6bcb063635e5193209b94a9b2f5465f1c82394f23f50bd30bf0a2b117b209f5fca5aa10a7912a94ad88711dcd490aa528a7202f09490acd96cd640a3556

Download Submit
memory/324-68-0x00000000002A0000-0x00000000002BA000-memory.dmp

Filesize
104KB

Download