b1241b69116ad07db69b3bcb9579af18e0ba13c2b663584e2047ecc39c66ed0e

Resubmissions

19/08/2023, 04:49

230819-ffsxgaga73 3

19/08/2023, 04:47

19/08/2023, 04:35

19/08/2023, 04:30

19/08/2023, 04:27

19/08/2023, 04:24

16/08/2023, 13:07

Analysis

max time kernel
63s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DarkGateLoader.exe
Size

24.5MB
MD5

90262f95bf3a705ab9d23cde1f415655
SHA1

dc9f7383403df475173be606de1c4c61836dba73
SHA256

44d678f7cae23769cf2b9d59cb114b990c18d8a106de41526e4f9685d5331048
SHA512

3e6e23b8154ecaaaca27da5f73d5135b507621d7aeaad14deb5ded92bc61ba694760c1340e0264e44ebbe94a479738cd9ccf664415a94f8263234fdd289bcc45
SSDEEP

196608:73esNoeoCxZ1Ev7L0dtbqvLSOJJ4VvL2iSY/VCMzEqcVqeCqe:73esNoeoCYL0dtmj7JJJWCMzE5TC

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

pid	Process
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5036	1320	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2060	DarkGateLoader.exe
2060	DarkGateLoader.exe

C:\Users\Admin\AppData\Local\Temp\DarkGateLoader.exe
"C:\Users\Admin\AppData\Local\Temp\DarkGateLoader.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2060
- \Users\Admin\AppData\Local\Temp\DarkGateLoader.exe
  2⤵
  PID:1320
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1320 -s 8
    3⤵
    - Program crash
    PID:5036

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 1320 -ip 1320
1⤵
PID:2876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2060-133-0x00007FF842EB0000-0x00007FF842EB1000-memory.dmp

Filesize
4KB

Download
memory/2060-134-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-135-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-137-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-138-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-136-0x00007FF842EC0000-0x00007FF842EC1000-memory.dmp

Filesize
4KB

Download
memory/2060-139-0x00007FF842ED0000-0x00007FF842ED1000-memory.dmp

Filesize
4KB

Download
memory/2060-140-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-141-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-142-0x00007FF842EE0000-0x00007FF842EE1000-memory.dmp

Filesize
4KB

Download
memory/2060-143-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-144-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-146-0x00007FF842EF0000-0x00007FF842EF1000-memory.dmp

Filesize
4KB

Download
memory/2060-145-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/2060-148-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

Filesize
4KB

Download
memory/2060-150-0x00007FF842F00000-0x00007FF842F01000-memory.dmp

Filesize
4KB

Download
memory/2060-149-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-147-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-151-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-152-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-153-0x00007FF842F10000-0x00007FF842F11000-memory.dmp

Filesize
4KB

Download
memory/2060-154-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-155-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-157-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-156-0x00000000039C0000-0x00000000039C1000-memory.dmp

Filesize
4KB

Download
memory/2060-159-0x00007FF83E610000-0x00007FF83E611000-memory.dmp

Filesize
4KB

Download
memory/2060-160-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-161-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-158-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-162-0x00007FF83E620000-0x00007FF83E621000-memory.dmp

Filesize
4KB

Download
memory/2060-163-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-164-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-165-0x00007FF83E630000-0x00007FF83E631000-memory.dmp

Filesize
4KB

Download
memory/2060-166-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-167-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-168-0x00007FF83E640000-0x00007FF83E641000-memory.dmp

Filesize
4KB

Download
memory/2060-169-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-170-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-172-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-173-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-171-0x00007FF83E650000-0x00007FF83E651000-memory.dmp

Filesize
4KB

Download
memory/2060-174-0x00007FF83E660000-0x00007FF83E661000-memory.dmp

Filesize
4KB

Download
memory/2060-175-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-176-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-178-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-177-0x00007FF83E670000-0x00007FF83E671000-memory.dmp

Filesize
4KB

Download
memory/2060-181-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-182-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-180-0x00007FF83E680000-0x00007FF83E681000-memory.dmp

Filesize
4KB

Download
memory/2060-183-0x00007FF83E690000-0x00007FF83E691000-memory.dmp

Filesize
4KB

Download
memory/2060-184-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-185-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-179-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-186-0x00007FF83E6A0000-0x00007FF83E6A1000-memory.dmp

Filesize
4KB

Download
memory/2060-187-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-188-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-189-0x00007FF83E6B0000-0x00007FF83E6B1000-memory.dmp

Filesize
4KB

Download
memory/2060-190-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-191-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-192-0x00007FF83E6C0000-0x00007FF83E6C1000-memory.dmp

Filesize
4KB

Download
memory/2060-193-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-194-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-195-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-197-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/2060-198-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

Filesize
4KB

Download
memory/2060-199-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/2060-200-0x0000000003DE0000-0x0000000003E35000-memory.dmp

Filesize
340KB

Download
memory/2060-202-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/2060-204-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download
memory/2060-205-0x0000000003860000-0x00000000039A0000-memory.dmp

Filesize
1.2MB

Download