Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2023 10:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    566KB

  • MD5

    1fb683c2cb13d0160e37f9d0eefda008

  • SHA1

    2ffc6cba8b6b53a4887f2025f6e0fed1a11498c3

  • SHA256

    6527532bbe4765f402505e48290b20b7a4b450be6b6cc8aa7ddfeabd72f27ae5

  • SHA512

    0410ffb98098d79fca09efcdc8a6a2620436d75d99396d90b304005c8d4db8d4c273d5c0e767609e4112ba53a9fde6be2ef71498c240738170901fa5adae6767

  • SSDEEP

    12288:JXA9Z69M3k42ibcovVNBLMTyBkLYqz5OKzhILblfTV:XvTyBk0qzQKzcb1x

Score
10/10
lgoogloaderdownloader

Malware Config

Signatures

  • Detects LgoogLoader payload 1 IoCs
  • LgoogLoader

    A downloader capable of dropping and executing other malware families.

    downloaderlgoogloader
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
      2⤵
        PID:2592
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:1928
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"
          2⤵
            PID:1460
          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"
            2⤵
              PID:1540
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
              2⤵
                PID:2264
              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe
                "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe"
                2⤵
                  PID:2348
                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe
                  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"
                  2⤵
                    PID:2096
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe
                    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"
                    2⤵
                      PID:1104
                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                      2⤵
                        PID:2312
                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe
                        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"
                        2⤵
                          PID:2512
                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
                          2⤵
                            PID:2436
                          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
                            2⤵
                              PID:1200
                            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe
                              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"
                              2⤵
                                PID:2072

                            Network

                            MITRE ATT&CK Matrix

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • memory/2072-61-0x0000000000400000-0x000000000043E000-memory.dmp

                              Filesize

                              248KB

                              Download

                            • memory/2072-65-0x0000000000110000-0x000000000011D000-memory.dmp

                              Filesize

                              52KB

                              Download

                            • memory/2072-64-0x00000000000F0000-0x00000000000F9000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/2072-63-0x0000000000400000-0x000000000043E000-memory.dmp

                              Filesize

                              248KB

                              Download

                            • memory/2204-57-0x00000000003D0000-0x00000000003D6000-memory.dmp

                              Filesize

                              24KB

                              Download

                            • memory/2204-59-0x000000001AD40000-0x000000001ADC8000-memory.dmp

                              Filesize

                              544KB

                              Download

                            • memory/2204-60-0x0000000001F00000-0x0000000001F80000-memory.dmp

                              Filesize

                              512KB

                              Download

                            • memory/2204-58-0x0000000001F80000-0x0000000001F9A000-memory.dmp

                              Filesize

                              104KB

                              Download

                            • memory/2204-54-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

                              Filesize

                              9.9MB

                              Download

                            • memory/2204-56-0x0000000001F00000-0x0000000001F80000-memory.dmp

                              Filesize

                              512KB

                              Download

                            • memory/2204-55-0x0000000000A50000-0x0000000000AE2000-memory.dmp

                              Filesize

                              584KB

                              Download

                            • memory/2204-66-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

                              Filesize

                              9.9MB

                              Download

                            • memory/2204-67-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

                              Filesize

                              9.9MB

                              Download