Overview

overview

4

Static

static

1

Gprinter_2...-1.exe

windows7-x64

4

Gprinter_2...-1.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    25s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2023, 12:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Gprinter_2022.2_M-1.exe

  • Size

    71.8MB

  • MD5

    7f6aceff0ad34b84873ffa29af91d5b5

  • SHA1

    5d0512f632c21e8701a83fef396ea3ca908bb2b3

  • SHA256

    4f4e3c2d48a52f6939c9ee42e6963766972f399a06ceb7739b236451249c3c5b

  • SHA512

    68d03df3cf5cc78bc4bb9ddeb427b86c06a6baf8fa220a33089f9ee262b68f95ac2c5fda390d2813a23f7c06669ac416d33538d27271eb2555fbe9a4dd911a0c

  • SSDEEP

    1572864:UpktxLPHw179gvYP0XanonPYq9ZlJ0LlVOhAxQqJwj2C/t++2wGzti3DDH5:UCxLPHc7qYP0WoPYi0yqj2wE33Z

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Gprinter_2022.2_M-1.exe
    "C:\Users\Admin\AppData\Local\Temp\Gprinter_2022.2_M-1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1136
    • C:\Users\Admin\AppData\Local\Temp\DP_18FE.tmp\__ExtractWizard.exe
      __ExtractWizard.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1636

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\DP_18FE.tmp\__ExtractWizard.exe
          Filesize

          373KB

          MD5

          4269ab24389067cbe12342e4d224e1a8

          SHA1

          ebec9ebe0f405c4024e141c93c42458534df6045

          SHA256

          005d3e989b47f5fa291408831cad66bc1f0577e15c1fe3be0c30d801b9d54e40

          SHA512

          66006877a0855efc850f445d31336e857e19e67dbbe0041b01959f5774067f4fcacfb0d5b922dae0875342ce957cdb1e65d9b219e0d05ab7213a027e2db33d4a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DP_18FE.tmp\__ExtractWizard.exe
          Filesize

          373KB

          MD5

          4269ab24389067cbe12342e4d224e1a8

          SHA1

          ebec9ebe0f405c4024e141c93c42458534df6045

          SHA256

          005d3e989b47f5fa291408831cad66bc1f0577e15c1fe3be0c30d801b9d54e40

          SHA512

          66006877a0855efc850f445d31336e857e19e67dbbe0041b01959f5774067f4fcacfb0d5b922dae0875342ce957cdb1e65d9b219e0d05ab7213a027e2db33d4a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DP_18FE.tmp\__ExtractWizard.ini
          Filesize

          186B

          MD5

          f94be9a053743534aba0a6284476c150

          SHA1

          e97ee5a15d8ef498d784be82dce0d2f3f5c80e86

          SHA256

          9fa34124033cba817695edebe6106dce155a9f32ba295f21dc440f7b094d05bb

          SHA512

          1f9207f3111f8a37d3c14e2a426f1cf5e03cb3ff159c48418159715adce6607983dec41431fa0e7870b93a3d13b90df212783adf504650c067ab9adc3a42df97

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DP_18FE.tmp\__ExtractWizard[enu].dll
          Filesize

          37KB

          MD5

          90586eb1e95bd78e2f9d13c7e7a05240

          SHA1

          9c76d2c2ca25e22ebe30ecebc1ed8ca3d7fd21ba

          SHA256

          f7c7851704068db0b32f712af8202402a5324971d36833fdc714cabf8313bf07

          SHA512

          9d49b3c3ba8ad5136a20e37215d0645c5144dc60924ebd6ca74ef726fa099796c83bf8a4a08d39446c8abff5e6394945f873aad3beaea47599de9aeb09763f45

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DP_18FE.tmp\licSSenu.rtf
          Filesize

          189KB

          MD5

          5b49dfbc87bcfcfc432f39f3f3224df1

          SHA1

          1f8ee2b5c8b8be222c00b462023f2c0a93d826ca

          SHA256

          6db0d04b3d220db80bc17c8d79879c9bf52800f963358b6ba5152a449f3c94bb

          SHA512

          9915629fd1509f9f19b1fffb15adda1f6f97f2301c9c4d9ac9678f0335bb75593aed6fde35b42448c7e3ed4ca483c2eb869f243b18a11e325a6b7d1169b1d109

          Download Submit

        • \Users\Admin\AppData\Local\Temp\DP_18FE.tmp\__ExtractWizard.exe
          Filesize

          373KB

          MD5

          4269ab24389067cbe12342e4d224e1a8

          SHA1

          ebec9ebe0f405c4024e141c93c42458534df6045

          SHA256

          005d3e989b47f5fa291408831cad66bc1f0577e15c1fe3be0c30d801b9d54e40

          SHA512

          66006877a0855efc850f445d31336e857e19e67dbbe0041b01959f5774067f4fcacfb0d5b922dae0875342ce957cdb1e65d9b219e0d05ab7213a027e2db33d4a

          Download Submit

        • \Users\Admin\AppData\Local\Temp\DP_18FE.tmp\__ExtractWizard[enu].dll
          Filesize

          37KB

          MD5

          90586eb1e95bd78e2f9d13c7e7a05240

          SHA1

          9c76d2c2ca25e22ebe30ecebc1ed8ca3d7fd21ba

          SHA256

          f7c7851704068db0b32f712af8202402a5324971d36833fdc714cabf8313bf07

          SHA512

          9d49b3c3ba8ad5136a20e37215d0645c5144dc60924ebd6ca74ef726fa099796c83bf8a4a08d39446c8abff5e6394945f873aad3beaea47599de9aeb09763f45

          Download Submit