b1241b69116ad07db69b3bcb9579af18e0ba13c2b663584e2047ecc39c66ed0e

Resubmissions

19-08-2023 04:49

230819-ffsxgaga73 3

19-08-2023 04:47

19-08-2023 04:35

19-08-2023 04:30

19-08-2023 04:27

19-08-2023 04:24

16-08-2023 13:07

Analysis

max time kernel
131s
max time network
133s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
19-08-2023 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DarkGateLoader.exe
Size

24.5MB
MD5

90262f95bf3a705ab9d23cde1f415655
SHA1

dc9f7383403df475173be606de1c4c61836dba73
SHA256

44d678f7cae23769cf2b9d59cb114b990c18d8a106de41526e4f9685d5331048
SHA512

3e6e23b8154ecaaaca27da5f73d5135b507621d7aeaad14deb5ded92bc61ba694760c1340e0264e44ebbe94a479738cd9ccf664415a94f8263234fdd289bcc45
SSDEEP

196608:73esNoeoCxZ1Ev7L0dtbqvLSOJJ4VvL2iSY/VCMzEqcVqeCqe:73esNoeoCYL0dtmj7JJJWCMzE5TC

Score

5^/10

Malware Config

Signatures

Suspicious use of NtCreateThreadExHideFromDebugger 9 IoCs

pid	Process
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

pid	Process
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3860	DarkGateLoader.exe
3860	DarkGateLoader.exe

C:\Users\Admin\AppData\Local\Temp\DarkGateLoader.exe
"C:\Users\Admin\AppData\Local\Temp\DarkGateLoader.exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3860
- \Users\Admin\AppData\Local\Temp\DarkGateLoader.exe
  2⤵
  PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2820-180-0x0000000000400000-0x0000000000400000-memory.dmp

Download
memory/3860-118-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-119-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-117-0x00007FF8F72A0000-0x00007FF8F72A1000-memory.dmp

Filesize
4KB

Download
memory/3860-120-0x00007FF8F7490000-0x00007FF8F7491000-memory.dmp

Filesize
4KB

Download
memory/3860-121-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-122-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-124-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/3860-125-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-128-0x00007FF8F74B0000-0x00007FF8F74B1000-memory.dmp

Filesize
4KB

Download
memory/3860-129-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-127-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/3860-126-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-123-0x00007FF8F74A0000-0x00007FF8F74A1000-memory.dmp

Filesize
4KB

Download
memory/3860-130-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-132-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-135-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-134-0x00007FF8F74D0000-0x00007FF8F74D1000-memory.dmp

Filesize
4KB

Download
memory/3860-136-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-138-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-139-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-137-0x00007FF8F74E0000-0x00007FF8F74E1000-memory.dmp

Filesize
4KB

Download
memory/3860-133-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-131-0x00007FF8F74C0000-0x00007FF8F74C1000-memory.dmp

Filesize
4KB

Download
memory/3860-140-0x0000000003900000-0x0000000003901000-memory.dmp

Filesize
4KB

Download
memory/3860-141-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-144-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-143-0x00007FF8F1F60000-0x00007FF8F1F61000-memory.dmp

Filesize
4KB

Download
memory/3860-145-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-146-0x00007FF8F1F70000-0x00007FF8F1F71000-memory.dmp

Filesize
4KB

Download
memory/3860-147-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-142-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-148-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-150-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-151-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-153-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-152-0x00007FF8F1F90000-0x00007FF8F1F91000-memory.dmp

Filesize
4KB

Download
memory/3860-154-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-155-0x00007FF8F1FA0000-0x00007FF8F1FA1000-memory.dmp

Filesize
4KB

Download
memory/3860-149-0x00007FF8F1F80000-0x00007FF8F1F81000-memory.dmp

Filesize
4KB

Download
memory/3860-156-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-157-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-158-0x00007FF8F1FB0000-0x00007FF8F1FB1000-memory.dmp

Filesize
4KB

Download
memory/3860-159-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-160-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-161-0x00007FF8F1FC0000-0x00007FF8F1FC1000-memory.dmp

Filesize
4KB

Download
memory/3860-162-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-163-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-165-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-166-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-164-0x00007FF8F1FD0000-0x00007FF8F1FD1000-memory.dmp

Filesize
4KB

Download
memory/3860-168-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-167-0x00007FF8F1FE0000-0x00007FF8F1FE1000-memory.dmp

Filesize
4KB

Download
memory/3860-169-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-170-0x00007FF8F1FF0000-0x00007FF8F1FF1000-memory.dmp

Filesize
4KB

Download
memory/3860-171-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-172-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-174-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-173-0x00007FF8F2000000-0x00007FF8F2001000-memory.dmp

Filesize
4KB

Download
memory/3860-175-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-176-0x00007FF8F2010000-0x00007FF8F2011000-memory.dmp

Filesize
4KB

Download
memory/3860-177-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-178-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-179-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-182-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/3860-183-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/3860-184-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/3860-185-0x0000000003920000-0x0000000003A60000-memory.dmp

Filesize
1.2MB

Download
memory/3860-187-0x0000000000400000-0x0000000001D2C000-memory.dmp

Filesize
25.2MB

Download
memory/3860-188-0x0000000004AC0000-0x0000000004AC8000-memory.dmp

Filesize
32KB

Download