a44b106f4f8eab5412968126484f86c6889ef41ed472211dcbbcf1f83e51c01f

Resubmissions

08/03/2024, 05:33

240308-f81g1sgc66 3

08/03/2024, 05:29

240308-f62bjagb97 3

Analysis

max time kernel
1563s
max time network
1564s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main/ShibaGT Gold/Displyy_Template/UI/WristMenu.cs
Size

82KB
MD5

a098f0602da2189dc2f61b41e8c0884b
SHA1

02bf017fc5fd87c5c0297b6cdba2397dc55318dd
SHA256

4e8cfa95bba502f9f4c2792aa360bcc7862d646794eaa4c5222f47486dfe09da
SHA512

ea6f6681f077cf5e56199b0b4569dd96f46c4b2be02b1d3fa1dbd55266e80e42529e8389641e309ea97cac24c8fb7d0a6a47b421745c9f278797cfac3a8df0cc
SSDEEP

768:7VfJriVnsagwHl/noEUryKNNEry2MbfJ0Xa1y4iilNQewFSRMZ2OlJR25lkZdyVh:lp2BkUeWZdfA5MVK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2580	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2580	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2580	AcroRd32.exe
2580	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2580	2172	cmd.exe	29
PID 2172 wrote to memory of 2580	2172	cmd.exe	29
PID 2172 wrote to memory of 2580	2172	cmd.exe	29
PID 2172 wrote to memory of 2580	2172	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main\ShibaGT Gold\Displyy_Template\UI\WristMenu.cs"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main\ShibaGT Gold\Displyy_Template\UI\WristMenu.cs"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
bb5ed72e76315d2ef2f989f0d876dbeb

SHA1
9346cb319794db19d67976cb458885bd0c71c4c3

SHA256
9644bdb21428ed0fd162edc97794d711250f312a44b19d453ceafa43381badac

SHA512
ce160cc2e336caf72d726cf8b577397051aa648d02593452ff91612c42fb160cdb0bcbbd3c7f5e48eedf221fc5ec6bf991e52d91d42b83a0aa8b96fd697e4a75

Download Submit