a44b106f4f8eab5412968126484f86c6889ef41ed472211dcbbcf1f83e51c01f

Resubmissions

08/03/2024, 05:33

240308-f81g1sgc66 3

08/03/2024, 05:29

240308-f62bjagb97 3

Analysis

max time kernel
1563s
max time network
1564s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main/ShibaGT Gold/GTAG_NotificationLib/NotifiLib.cs
Size

4KB
MD5

0246eefcce11ac1b7e4004b3d022ef67
SHA1

0ea0acc1a51269ddb63159e9250f1a30e0aeaa89
SHA256

d0924d75bf111d159a914217c14c520e8e1f6437d41fd46a6cb493e21ee41ce2
SHA512

80fba3e54022795f643ab4567cdd96568e6cd0ec366fcc353fdd9d7ad4bddb34a8a98cdf5debd75b0e3976233ee0c7c21b1fadb2148f98ae4c222d2d47760408
SSDEEP

96:Jo2jgrgzgkgDzgK05jCrKIlaES4ONh2HHJXfOlhUry7Wy3sxDEa:DjgrgzgkgDzgxjCrKIkp4ih2nJXfOM26

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2448	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2448	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2448	AcroRd32.exe
2448	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2448	1220	cmd.exe	29
PID 1220 wrote to memory of 2448	1220	cmd.exe	29
PID 1220 wrote to memory of 2448	1220	cmd.exe	29
PID 1220 wrote to memory of 2448	1220	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main\ShibaGT Gold\GTAG_NotificationLib\NotifiLib.cs"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main\ShibaGT Gold\GTAG_NotificationLib\NotifiLib.cs"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0935f2c05809016d187cb15ba61d09bc

SHA1
b3fbd15ee402e9d99760db8443f1af09befc2f5e

SHA256
fa97c16aa5ee59e12fd15e424b0729932475e3fb076cfad8c5e7296476f4e1a6

SHA512
c8fce2c7c1d43efab61807a0de41cd30537d97f87a022966e048d141196caa5c2a3d2e0fa574957216c02971e502ef0d1479aa144d96082b5dab1bd06e6504f4

Download Submit