a44b106f4f8eab5412968126484f86c6889ef41ed472211dcbbcf1f83e51c01f

Resubmissions

08/03/2024, 05:33

240308-f81g1sgc66 3

08/03/2024, 05:29

240308-f62bjagb97 3

Analysis

max time kernel
1559s
max time network
1562s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main/ShibaGT Gold/BtnCollider.cs
Size

591B
MD5

268c6f59bc5045b5f0d4e17cbd3e63f7
SHA1

4c8263b4f261babefcf323990749e853a8425e01
SHA256

17135f23b9e5da2a77cceb9b7cd5a7d709eed8be4126a0246c32470d627d7852
SHA512

07074b66c75d63fde37ee3690efedc32054837050cc30cfe87f68c9b1d168b7682df9161a2fe738acec2ad81d177542f802065d9d28a043ca9b1bfc8f7c39711

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2480	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2480	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2480	AcroRd32.exe
2480	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2480	2204	cmd.exe	29
PID 2204 wrote to memory of 2480	2204	cmd.exe	29
PID 2204 wrote to memory of 2480	2204	cmd.exe	29
PID 2204 wrote to memory of 2480	2204	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main\ShibaGT Gold\BtnCollider.cs"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Gorilla-Tag-ShibaGT-Gold-Mod-Menu-main\ShibaGT Gold\BtnCollider.cs"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b1694ea23e86545a9da11727b3afa200

SHA1
e778b1b18860f5b68df3b1b33af1a58a71265b74

SHA256
3e8321d6bae4ac49d5602db5f8a39101950bb2e68372d8407d0939799814495f

SHA512
3f7730e038bdea381514705dd6cfde38735896269441d8716002cd18b6ef655d6c512cf46919663e2256ab0e457c5d96e17b3d46548343ae343d352c8178c326

Download Submit