55ff30c07971eb38976e968567f399606ff7fde185ccb6269e152290510e1d5f

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1388d2341e92127dfa45e430ccaf39ea.exe
Size

1.0MB
MD5

1388d2341e92127dfa45e430ccaf39ea
SHA1

9f57b33e484997daea38700b2722935cecaccfa8
SHA256

55ff30c07971eb38976e968567f399606ff7fde185ccb6269e152290510e1d5f
SHA512

636750cb93cd34dca5ecaeeac71b4f57adbc41ffdb0b0f3a71cd62ea98c08110f341d27ab136e5699143310a5f812bd378f47fe790914523926811e2367d1018
SSDEEP

24576:pMM7OWkMM7OW40DBq1PXTvgUB7OWjxpV7OWtvr6eYifmgiH59KgwpY5D:pM3Mf0spjIU5b6Qfml59Kgw2D

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1900	gooinjector.exe

Loads dropped DLL 2 IoCs

pid	Process
2392	1388d2341e92127dfa45e430ccaf39ea.exe
2392	1388d2341e92127dfa45e430ccaf39ea.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe
1900	gooinjector.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1900	2392	1388d2341e92127dfa45e430ccaf39ea.exe	28
PID 2392 wrote to memory of 1900	2392	1388d2341e92127dfa45e430ccaf39ea.exe	28
PID 2392 wrote to memory of 1900	2392	1388d2341e92127dfa45e430ccaf39ea.exe	28
PID 2392 wrote to memory of 1900	2392	1388d2341e92127dfa45e430ccaf39ea.exe	28

C:\Users\Admin\AppData\Local\Temp\1388d2341e92127dfa45e430ccaf39ea.exe
"C:\Users\Admin\AppData\Local\Temp\1388d2341e92127dfa45e430ccaf39ea.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\~sfx0057E23EE3\gooinjector.exe
  "C:\Users\Admin\AppData\Local\Temp\~sfx0057E23EE3\gooinjector.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~sfx0057E23EE3\gooinjector.exe

Filesize
360KB

MD5
84fbbc753e0e0e04ab4a89a8a5c98d54

SHA1
3ba83e5db5ec42d52052731e8227188b9f4ae4a5

SHA256
afa814d60623ea1d3d702cdfbd1200ba7a439af65b981716560f8fd17a4a1529

SHA512
63571ac10c332a88fc4f3d6a589da69336703ab053a9fffe3fcf2347faa8f5267406d4ec61c6329d249a67a920145d472d97b3263861a01e1a99a5a413b37144

Download Submit
C:\Users\Admin\AppData\Local\Temp\~sfx0057E23EE3\gooinjector.exe

Filesize
185KB

MD5
ff8eedde18bd53fc82ba9cd4277bb5ca

SHA1
ab40491a7b608cd8c18023c9964e5508062623d9

SHA256
ebfbc07cb243084c489cb983972af94cc16fe7282187daddfe34c2409356d110

SHA512
00994fdebde0e3b5e87c39c9e4c70a315cc92e48a08c81a6847ad1d2a5afa1d66be72a6b0e3d0138a8065f62f66a4eef097848a94fc280307df1423709cbc59b

Download Submit
\Users\Admin\AppData\Local\Temp\~sfx0057E23EE3\gooinjector.exe

Filesize
479KB

MD5
ea77ba845df830b3459fe45b2c492b46

SHA1
e996f441d64ddd37fa5df0f02796a6cfd4bbf1bb

SHA256
a7cc331203be94f07b63b25b55be25785b9936a32f12dba0a88be53a19364081

SHA512
2c548e06af91a1a3527eb5282b4ebfaca764d6899470e9257c565b0ba6e61a3f368d712cc66aa06ea8ebeb235d369e7707ca1ec46d356479f6852f551f164146

Download Submit
\Users\Admin\AppData\Local\Temp\~sfx0057E23EE3\gooinjector.exe

Filesize
554KB

MD5
8a26ca194f9b762b596f0c93fdf48e82

SHA1
b2f034df7d4326822fb9e478a58630fd3ef3cdb3

SHA256
f1c7e5376ca14bfab478d2cb49f5263f2b1d0eccd09a90c8e247bb091e6d54fe

SHA512
3214e4934f73d3157a1c72a9af11055aaca4ca3dfcc579f071469203ebe726dcea747117b1433f285ef7f552efac96e1af793a874938e867217df0f936a06e72

Download Submit
memory/1900-14-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1900-16-0x0000000000400000-0x00000000004DE000-memory.dmp

Filesize
888KB

Download
memory/1900-19-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2392-15-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download