Analysis
max time kernel: 157s
max time network: 133s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 02-03-2024 20:38
Behavioral task
behavioral1
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Frog.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Frog.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$1/1337/Frog.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$1/1337/Frog.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$1/1337/php5ts.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$1/1337/php5ts.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/GonnaCry/GonnaCry.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/GonnaCry/GonnaCry.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Hydromatic (1).exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Hydromatic (1).exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Losange/Losange.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Losange/Losange.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Monoxidex64.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Monoxidex64.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/NightMare.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/NightMare.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/REGFuck.bat
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/REGFuck.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/NoEscape (1).exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/NoEscape (1).exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Protactinium (1).exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Protactinium (1).exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Saturn.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
MyMalwareDatabase-main/MyMalwareDatabase-main/Saturn.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Sulfoxide/Sulfoxide.exe
Resource
win7-20240215-en
Behavioral task
behavioral28
Sample
Sulfoxide/Sulfoxide.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Sulfoxide/Sulfoxide_fixes.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Sulfoxide/Sulfoxide_fixes.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Sulfoxide/vcredist_x64.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Sulfoxide/vcredist_x64.exe
Resource
win10v2004-20240226-en
General
-
Target
MyMalwareDatabase-main/MyMalwareDatabase-main/Frog.exe
-
Size
5.2MB
-
MD5
6128546e25df18564f28f6d593c51d76
-
SHA1
b18cdfcb8ea1b70a08ce9925ab0f4ed99ce5c50a
-
SHA256
c99f3878b0b04624af3c1c452a4f9a86d3ef0496383f9f173587cf6f14eae55a
-
SHA512
019a3bdce86e5e5c374502a761855f577f8d742932e86f5d85ca4975c41ac94378a7d5c07e8a357c6e0de7f114914d8666780fa3f4b09a85a902fcf24cf32a35
-
SSDEEP
98304:OZEVrN/30MkE0bGDdFXm3BpqZdolLF4axzDPv9uVlDD23iX8pbelR00:OZcrh3D0iD7mpqZdolLXzTvytwm1
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes: Frog.exe
  pid   process
  1724  Frog.exe
- Loads dropped DLL (3 IoCs)
  Processes: Frog.exe, Frog.exe
  pid   process
  2224  Frog.exe
  2224  Frog.exe
  1724  Frog.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: Frog.exe
  description                       pid   process   target process
  PID 2224 wrote to memory of 1724  2224  Frog.exe  Frog.exe
  PID 2224 wrote to memory of 1724  2224  Frog.exe  Frog.exe
  PID 2224 wrote to memory of 1724  2224  Frog.exe  Frog.exe
  PID 2224 wrote to memory of 1724  2224  Frog.exe  Frog.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Frog.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Frog.exe"
  PID: 2224
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Roaming\1337\Frog.exe
    Command line: "C:\Users\Admin\AppData\Roaming\1337\Frog.exe"
    PID: 1724
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads