Overview

overview

4

Static

static

1

Git-2.29.2...it.exe

windows7-x64

4

Git-2.29.2...it.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    142s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2023 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Git-2.29.2.2-64-bit.exe

  • Size

    46.3MB

  • MD5

    77b453522525550cc43e9ac84706df8b

  • SHA1

    a3d2e40b95113d45de8977c54a790a948cce879b

  • SHA256

    9ab49d93166d430514b0aaf6dda3fdc6b37e2fe1d0df8ecc04403cd2be40e78b

  • SHA512

    da4445567e477a6bcd967a881de373577110df3d78afb07c2d1577ec9f58317817eccd4f3aa3578f3bbe8171f11edbd0564d3f6962ca86bcd06827f8dbb784f8

  • SSDEEP

    786432:5lbkYkIYrV3U5UGp9AJ37aYmWllU8B1CoYUHbB5i6feNDip4wEJ7RMfL41yOjuu:5NkYkIYrV3U5UGXwG4UO1SUHbB81OWwO

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Runs net.exe
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Git-2.29.2.2-64-bit.exe
    "C:\Users\Admin\AppData\Local\Temp\Git-2.29.2.2-64-bit.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\is-345HK.tmp\Git-2.29.2.2-64-bit.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-345HK.tmp\Git-2.29.2.2-64-bit.tmp" /SL5="$400F8,47876635,224256,C:\Users\Admin\AppData\Local\Temp\Git-2.29.2.2-64-bit.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe" /D /C .\mingw64\bin\git.exe config -l -z -f "C:\ProgramData\Git\config" >"C:\Users\Admin\AppData\Local\Temp\is-R7M5H.tmp\git-config-get.txt"
        3⤵
          PID:2624
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe" /D /C .\mingw64\bin\git.exe config -l -z --system >"C:\Users\Admin\AppData\Local\Temp\is-R7M5H.tmp\git-config-get.txt"
          3⤵
            PID:2632
          • C:\Windows\system32\cmd.exe
            "C:\Windows\system32\cmd.exe" /d /c net session >"C:\Users\Admin\AppData\Local\Temp\is-R7M5H.tmp\net-session.txt"
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:2660
            • C:\Windows\system32\net.exe
              net session
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:2724
              • C:\Windows\system32\net1.exe
                C:\Windows\system32\net1 session
                5⤵
                  PID:2728

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-345HK.tmp\Git-2.29.2.2-64-bit.tmp
          Filesize

          1.2MB

          MD5

          3757d938b40a82c414246df2cd96b6a1

          SHA1

          7f0ca5572e2fe1608d540022ef97e32818ecb359

          SHA256

          45160b5d1a8dbc8734926b36fe36b7036d9fe1341e199f91b10441d73ff747b6

          SHA512

          b593c8f420fd25ec280b014383fc78e1e376e1b578609e9b02c7187fc96bc02af39bd9ccc21cc92fbec9c33deb13446a462df76533493af051abd67e24a31253

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-345HK.tmp\Git-2.29.2.2-64-bit.tmp
          Filesize

          1.2MB

          MD5

          3757d938b40a82c414246df2cd96b6a1

          SHA1

          7f0ca5572e2fe1608d540022ef97e32818ecb359

          SHA256

          45160b5d1a8dbc8734926b36fe36b7036d9fe1341e199f91b10441d73ff747b6

          SHA512

          b593c8f420fd25ec280b014383fc78e1e376e1b578609e9b02c7187fc96bc02af39bd9ccc21cc92fbec9c33deb13446a462df76533493af051abd67e24a31253

          Download Submit

        • memory/2320-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2320-13-0x0000000000400000-0x0000000000547000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2320-14-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2376-1-0x0000000000400000-0x0000000000441000-memory.dmp

          Filesize

          260KB

          Download

        • memory/2376-11-0x0000000000400000-0x0000000000441000-memory.dmp

          Filesize

          260KB

          Download