Overview

overview

10

Static

static

3

de823b703c...JC.exe

windows7-x64

5

de823b703c...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-07-2023 13:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de823b703cefdd77b5acbe06b19e8d0f844_JC.exe

  • Size

    533KB

  • MD5

    b4fd2f6ea8eb477d5a35414f7c196719

  • SHA1

    061cad3050117c5956b4b701e5f6e396aa696067

  • SHA256

    de823b703cefdd77b5acbe06b19e8d0f844d0930f9c3609237d1fbd15a73c9cc

  • SHA512

    1745b469d67cd7f89c2496728ebfeecb6a32dae01549d0918027b30ddf325cc9eec11d671cfe6931ddf9b73af80f92262856b1a55bf8b01d2c22e5e7163da500

  • SSDEEP

    12288:uVIjEbiFS+LbnoBnQqmi8feE0H/7v6r13BnbNxk+4ivuqY4J4:uVIjEWFS+LbKQq9dJORRAcbY+4

Score
10/10
lgoogloaderdownloader

Malware Config

Signatures

  • Detects LgoogLoader payload 2 IoCs
  • LgoogLoader

    A downloader capable of dropping and executing other malware families.

    downloaderlgoogloader
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de823b703cefdd77b5acbe06b19e8d0f844_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\de823b703cefdd77b5acbe06b19e8d0f844_JC.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"
      2⤵
        PID:4980
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
        2⤵
          PID:4496
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe
          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
          2⤵
            PID:8
          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
            2⤵
              PID:1168
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"
              2⤵
                PID:4428
              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe
                "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"
                2⤵
                  PID:1960
                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
                  2⤵
                    PID:1316
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                    2⤵
                      PID:1288
                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe
                      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"
                      2⤵
                        PID:1980
                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe
                        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"
                        2⤵
                          PID:1788
                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"
                          2⤵
                            PID:2720
                          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe
                            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"
                            2⤵
                              PID:4644
                            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe
                              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"
                              2⤵
                                PID:1004
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
                                "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"
                                2⤵
                                  PID:4860

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • memory/1004-139-0x0000000000400000-0x0000000000434000-memory.dmp

                                Filesize

                                208KB

                                Download

                              • memory/1004-142-0x0000000000400000-0x0000000000434000-memory.dmp

                                Filesize

                                208KB

                                Download

                              • memory/1004-143-0x0000000000400000-0x0000000000434000-memory.dmp

                                Filesize

                                208KB

                                Download

                              • memory/1004-145-0x0000000001240000-0x0000000001249000-memory.dmp

                                Filesize

                                36KB

                                Download

                              • memory/1004-146-0x0000000001260000-0x000000000126D000-memory.dmp

                                Filesize

                                52KB

                                Download

                              • memory/1004-147-0x0000000001260000-0x000000000126D000-memory.dmp

                                Filesize

                                52KB

                                Download

                              • memory/2664-133-0x0000027A2F750000-0x0000027A2F7DA000-memory.dmp

                                Filesize

                                552KB

                                Download

                              • memory/2664-135-0x00007FFDC5E90000-0x00007FFDC6951000-memory.dmp

                                Filesize

                                10.8MB

                                Download

                              • memory/2664-136-0x00007FFDCF490000-0x00007FFDCF4A9000-memory.dmp

                                Filesize

                                100KB

                                Download

                              • memory/2664-137-0x0000027A49E90000-0x0000027A49EA0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/2664-141-0x00007FFDCF490000-0x00007FFDCF4A9000-memory.dmp

                                Filesize

                                100KB

                                Download

                              • memory/2664-144-0x00007FFDC5E90000-0x00007FFDC6951000-memory.dmp

                                Filesize

                                10.8MB

                                Download