9f6cd8a4af7972ee7d79fa2dadcfe58fad7ebbcde5b4ff1810a17a0044a718c2

General

Target

OGMode v0.4.exe
Size

132KB
MD5

04c723246241003f4051f660be8a07a4
SHA1

bc9581677702fb915a922aa65c87dbd95314386c
SHA256

9f6cd8a4af7972ee7d79fa2dadcfe58fad7ebbcde5b4ff1810a17a0044a718c2
SHA512

cceea113070ed83d5caf563ba8e9562a9d6b70e8a48a4118605d1ca9c53245b7737c44d0b9b557cf696d5341fb21fef87a1030dc0d8812e6eddb8f54c5ab197a
SSDEEP

3072:G7DhdC6kzWypvaQ0FxyNTBfFJmhwsouzMSE5YL:GBlkZvaF4NTBt0PUf52

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3360	batbox.exe
3612	batbox.exe
1256	GetInput.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1264	1616	OGMode v0.4.exe	87
PID 1616 wrote to memory of 1264	1616	OGMode v0.4.exe	87
PID 1264 wrote to memory of 412	1264	cmd.exe	88
PID 1264 wrote to memory of 412	1264	cmd.exe	88
PID 1264 wrote to memory of 3360	1264	cmd.exe	89
PID 1264 wrote to memory of 3360	1264	cmd.exe	89
PID 1264 wrote to memory of 3360	1264	cmd.exe	89
PID 1264 wrote to memory of 3612	1264	cmd.exe	90
PID 1264 wrote to memory of 3612	1264	cmd.exe	90
PID 1264 wrote to memory of 3612	1264	cmd.exe	90
PID 1264 wrote to memory of 1256	1264	cmd.exe	91
PID 1264 wrote to memory of 1256	1264	cmd.exe	91
PID 1264 wrote to memory of 1256	1264	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\OGMode v0.4.exe
"C:\Users\Admin\AppData\Local\Temp\OGMode v0.4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8F20.tmp\8F21.tmp\8F22.bat "C:\Users\Admin\AppData\Local\Temp\OGMode v0.4.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Windows\system32\mode.com
    Mode 48,15
    3⤵
    PID:412
- - C:\Users\Admin\Downloads\batbox.exe
    Batbox /h 0
    3⤵
    - Executes dropped EXE
    PID:3360
- - C:\Users\Admin\Downloads\batbox.exe
    batbox /g 10 4 /a 218 /g 20 4 /a 191 /g 10 6 /a 192 /g 20 6 /a 217 /g 11 4 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 11 6 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 10 5 /a 179 /g 20 5 /a 179 /g 11 5 /d " On MODE " /g 24 4 /a 218 /g 35 4 /a 191 /g 24 6 /a 192 /g 35 6 /a 217 /g 25 4 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 25 6 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 24 5 /a 179 /g 35 5 /a 179 /g 25 5 /d " OFF MODE " /g 17 8 /a 218 /g 27 8 /a 191 /g 17 10 /a 192 /g 27 10 /a 217 /g 18 8 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 18 10 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 17 9 /a 179 /g 27 9 /a 179 /g 18 9 /d " Contact "
    3⤵
    - Executes dropped EXE
    PID:3612
- - C:\Users\Admin\Downloads\GetInput.exe
    Getinput /m 11 5 19 5 25 5 34 5 18 9 26 9 /h 70
    3⤵
    - Executes dropped EXE
    PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8F20.tmp\8F21.tmp\8F22.bat

Filesize
18KB

MD5
80d82657faf3dd5ff1f73eb5abd6a8eb

SHA1
1ed13f8a4327e403b975ae19fdb3d273f2ea7296

SHA256
967a6cebe6a3c239cb3cf2f0896099ab363603a0ec064b44fbd26c61b1da664f

SHA512
d39b9e5b78e09233ec1a12bd9d9e391166837020ea62a89794b4050258a7ee0c0bee1765aa8ad9d9725abdafcf9ff668a6010e5f4a15893aa8c179873fb0ffd3

Download Submit
C:\Users\Admin\Downloads\Button.bat

Filesize
2KB

MD5
8dc758853777c788f2bcba0763c3e29f

SHA1
9506756627e917a374630ba20112402f262f65b2

SHA256
034f93b81ea29c476acdcc7703007c63ecd20507541f22e318e0ed48980db87a

SHA512
0e77e4f4c2cc5e80c21d8566d7984c618ef7488685945a21b64bb68c7d813c439f1d215b98bc416beeabc74fe92719ed13cc5bfdac98e368e5fea2f4fdedbd9b

Download Submit
C:\Users\Admin\Downloads\GetInput.exe

Filesize
3KB

MD5
2ba62ae6f88b11d0e262af35d8db8ca9

SHA1
69d4ccb476cfebdf572134fead42a12750580e4b

SHA256
3f5c64717a0092ae214154a730e96e2e56921be2e3f1121a3e98b1ba84627665

SHA512
a984212245e401b68872623437a512898a00d71cca7d7b0aa6733663020cae92d50ce1ae3abafbd811542a77e72c8b6a5755492c07d6ddeb2642d908142c2ccb

Download Submit
C:\Users\Admin\Downloads\GetInput.exe

Filesize
3KB

MD5
2ba62ae6f88b11d0e262af35d8db8ca9

SHA1
69d4ccb476cfebdf572134fead42a12750580e4b

SHA256
3f5c64717a0092ae214154a730e96e2e56921be2e3f1121a3e98b1ba84627665

SHA512
a984212245e401b68872623437a512898a00d71cca7d7b0aa6733663020cae92d50ce1ae3abafbd811542a77e72c8b6a5755492c07d6ddeb2642d908142c2ccb

Download Submit
C:\Users\Admin\Downloads\batbox.exe

Filesize
2KB

MD5
a429cc48c9eb59d7642fc7479508903c

SHA1
b18b201d1c66dafbb2eca2c0785c98e68f41a89a

SHA256
8c6c18e14e4462c7bb767b8e6872ed36181f56ef22ade115dcc824773357449a

SHA512
c651e71f9c25457c7a80d84f79bd24cea291095675ccd0dd8c8ad3d54ecd885a06108b82401d1359d805cf6ae9b8b82802c14943343a0a2223104fa5e7575cad

Download Submit
C:\Users\Admin\Downloads\batbox.exe

Filesize
2KB

MD5
a429cc48c9eb59d7642fc7479508903c

SHA1
b18b201d1c66dafbb2eca2c0785c98e68f41a89a

SHA256
8c6c18e14e4462c7bb767b8e6872ed36181f56ef22ade115dcc824773357449a

SHA512
c651e71f9c25457c7a80d84f79bd24cea291095675ccd0dd8c8ad3d54ecd885a06108b82401d1359d805cf6ae9b8b82802c14943343a0a2223104fa5e7575cad

Download Submit
C:\Users\Admin\Downloads\batbox.exe

Filesize
2KB

MD5
a429cc48c9eb59d7642fc7479508903c

SHA1
b18b201d1c66dafbb2eca2c0785c98e68f41a89a

SHA256
8c6c18e14e4462c7bb767b8e6872ed36181f56ef22ade115dcc824773357449a

SHA512
c651e71f9c25457c7a80d84f79bd24cea291095675ccd0dd8c8ad3d54ecd885a06108b82401d1359d805cf6ae9b8b82802c14943343a0a2223104fa5e7575cad

Download Submit
memory/3360-12-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/3360-14-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/3612-17-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads