Overview

overview

7

Static

static

3

LadonGUI.exe

windows7-x64

3

LadonGUI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    89s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-01-2024 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LadonGUI.exe

  • Size

    1.7MB

  • MD5

    20fb25cf16095e3946e9bf50a3bc5435

  • SHA1

    0897c57519d1f73bc576c1f4b1b7eac3e4fab3ce

  • SHA256

    51b64677bb67d04192de4ceac75505d088fa9af95454c60401ca7e75dbec10f8

  • SHA512

    45639d00b4c4777a91586f1ad03d9593fc2f5a4987b20a19209dbbe3f42c69401c2bce2e2aa83306e6cdb890c344f2332879d81e7c3343573158909c9ca398c4

  • SSDEEP

    24576:waip+dftZWuWPXkeelGaTDFSjgWInPcgDuZnY7tq4ziZWzkgz0:jiC6uWfOGDgWBSuug4HzkI

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LadonGUI.exe
    "C:\Users\Admin\AppData\Local\Temp\LadonGUI.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://k8gege.org/Download?gui
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:444 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/k8gege/Ladon?gui
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:232
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:232 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1296
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/k8gege/LadonGo?gui
      2⤵
        PID:2744
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
      1⤵
      • Modifies Internet Explorer settings
      PID:2744

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      23c885d47568a0c8ec78d6dcc163d3e6

      SHA1

      5784bd843fecdfcdfdd6c213c092c65613d1f6b4

      SHA256

      c682f97f831992d9fc18392f30e050457a49b6e15de26a1af4459541c2866d80

      SHA512

      329f656e73d533712901b9dd168555670fa8ca2d89aaffbc5e446f734af2eb409c54cbbcfc72b9173a65d413bafc4f74c47d6985ce15767890719c36f6e15fa1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      60692d218cb65a26904d9a2c873a49b7

      SHA1

      b3481949bd7a3666b49b8862cba2f13451da4c02

      SHA256

      b4a3e593b5b83e1b3ac538c4bbfc8eb1aef12b45900b6210dbb162cad2377b5d

      SHA512

      ef9c9c4e2776f4504858f3f614c3b91739315bd127013b62afd2aa476dcd5ac97385ea8a766b4f18ecf5e250734b6944183c8eb2fa3edb53305b25abad75bceb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      16cf855c74b0479db13f6bace62f2f89

      SHA1

      d6951588554a171286d2c308fdcd15bd898bbb73

      SHA256

      a6cc7c64d190b21a87123721f21f58f076dfc5c16370ad3d0b9b1692b9764c54

      SHA512

      af924d3b039a31eb5fe090232435343f80810d376b62298cbb9bbbfe8ffb5e01dc886682532f3ac6fa0b17017baa651da6907eca2b4a8104e7fe7938ba88a40e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{47C7BA6D-BDDB-11EE-BD28-4643CEF3E9DE}.dat
      Filesize

      3KB

      MD5

      3cb65eced544bdb88542246cf119be25

      SHA1

      5305d40e66aa82607a8292b73617428e649f3bdf

      SHA256

      97d0d8d94cb955193970cf646ae9a49a00cf9019b5c9f6e393f718b94111bbcb

      SHA512

      d706f152b481195fd862362f74f1f61104117d87f6cdb2f013e2532c128a137e947227310e4b1fb7d6bd12341f81de8148246626e646beed1c3ff34832fce435

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{47CA1D1C-BDDB-11EE-BD28-4643CEF3E9DE}.dat
      Filesize

      5KB

      MD5

      d933f9d0a254a15f3194cc86c448955a

      SHA1

      4cac9c17ffc2d03f8575227f6d2751cba84521a2

      SHA256

      8897de04b3c253b7c0a21e572a3f9db79c3ba7479559782b66d0796795c78cf5

      SHA512

      6c768cd6c91b2881460762b4067d8894ca1f261725a8cce96f7e87d8e23d23c44d3760e5c413b5bea0bdd68a2d04af19971b00c125f713cb4cc77a9a4e6296a5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDB4C.tmp
      Filesize

      15KB

      MD5

      1a545d0052b581fbb2ab4c52133846bc

      SHA1

      62f3266a9b9925cd6d98658b92adec673cbe3dd3

      SHA256

      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

      SHA512

      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9owjsyb\imagestore.dat
      Filesize

      1KB

      MD5

      db37db10abfce3d57d64f56bd749e949

      SHA1

      160b8d9b7c24bcff3138a9b164b7c1fb22274c9f

      SHA256

      6b447e0615142ec12dc3cc06b9e4f191eab280a756d66ed8ab28701445c43ed7

      SHA512

      d9483c6fb6bb9bdb2b3ffa9ed9d8bb900d1caf1060d00c0bb16d1d9b1e4a7f06c634e1f958ec701c26608a9666039faeaff8a06c119f33cc08d806ae8ab58820

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9owjsyb\imagestore.dat
      Filesize

      2KB

      MD5

      b2bda8e67882d72045647d3a72b27b54

      SHA1

      38b1fa77308fd47ec73c8447ce4122ff77f83fa3

      SHA256

      a6b0cca791f292382515393aa3a03e174577cffbeccfeca469d5225543c7ae5b

      SHA512

      32fdb2dfbec97bc2d38410bac1f65697cb61343d932ace988deef8161d32f145bd2a20a5f7c109169801488458078f988a1918e5c6f8415207797a9526f9ef65

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\favicon[1].ico
      Filesize

      894B

      MD5

      8770633a3fe58c7d99650b2a0ddf9598

      SHA1

      5293d5577f6e0155c8be8b47e5ba345c62c71faf

      SHA256

      439c90d80eb82e593c44c20d278ae6470766276d79013d53f73ab2d071fc11fe

      SHA512

      e56721e1d73d5e0694bc1c5b68e3fed8ed2b0f249e8132191fa5902735c73d23048d580234faaf23479a93c402371ee6b3b467d0874401a89a94c02fb69fc997

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\favicon[1].png
      Filesize

      958B

      MD5

      346e09471362f2907510a31812129cd2

      SHA1

      323b99430dd424604ae57a19a91f25376e209759

      SHA256

      74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

      SHA512

      a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • memory/2312-5-0x000001A456650000-0x000001A456660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2312-11-0x00007FFB39C30000-0x00007FFB3A6F1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2312-10-0x000001A4579F0000-0x000001A458147000-memory.dmp

      Filesize

      7.3MB

      Download

    • memory/2312-8-0x000001A456650000-0x000001A456660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2312-7-0x000001A456650000-0x000001A456660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2312-6-0x000001A456650000-0x000001A456660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2312-0-0x000001A43BF10000-0x000001A43C0BC000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2312-4-0x000001A457680000-0x000001A45776C000-memory.dmp

      Filesize

      944KB

      Download

    • memory/2312-3-0x000001A456650000-0x000001A456660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2312-1-0x000001A43DC30000-0x000001A43DC46000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2312-2-0x00007FFB39C30000-0x00007FFB3A6F1000-memory.dmp

      Filesize

      10.8MB

      Download