288d839aa1d272e080fbb52ff715ce71f22f795e46225f2794a44efa50e0a8c6

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AngryGoyII.exe
Size

47.9MB
MD5

d7dd891989fdb7b570afa6ab343c112f
SHA1

d985eaf6d60f56add3357e1dae587a86a311acee
SHA256

288d839aa1d272e080fbb52ff715ce71f22f795e46225f2794a44efa50e0a8c6
SHA512

ec67100bcf0a60881426a6215a0e0d64fc7fe64b7a0239369d3e98cdc3434c0bb2d5f3786a2e371127716b0521981c9c7ff10913536c48595bb87e55a84a0ea1
SSDEEP

786432:XPFuDKw9v7KwDhMAZhi/2ahAZQrIgEwNFuiSRlpoAj0GxetnJ+wQgBycTQrKdDNo:+K6MAZhi/2MIFwNF5SRlzj0G4xQkycTq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

pid	Process
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe
2892	AngryGoyII.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2892	AngryGoyII.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2892	AngryGoyII.exe

C:\Users\Admin\AppData\Local\Temp\AngryGoyII.exe
"C:\Users\Admin\AppData\Local\Temp\AngryGoyII.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\AdvDir.mfx

Filesize
12KB

MD5
cd827d3d88759afbcdaa300062e3cbb6

SHA1
d2e4b9275ee046d1420fe69791941c002c66d3e4

SHA256
00c1bca2512b0d6278afd9bde4693348497238a233950621502962fd4b5df8ea

SHA512
30569c2cd796ab336d7feb7abef53bcb7dc95d98628946aced4ccc00e505aacae641ccda5a4ae7e4bbd32e5aa28402b4863d3f03b9d30ae57d16db768a46d5fb

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\ForEach.mfx

Filesize
73KB

MD5
2dabe793c09bf89d1804a5782e1eb755

SHA1
4644b57822ce69065b12708a00a1c855a6808dd4

SHA256
2e3b169f989ce609b2dc4aa052343937badb1fbe41a702bf8327af9912d935b2

SHA512
733249817df2e511d14d855a229ea4bd1383d2659504aae6e3855117c4fd13beb19db1fafce752c9913f8c3341f62d03bb8d37619317be55580dd04a44b02977

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\KcArray.mfx

Filesize
32KB

MD5
454ced31d695ea4f83db1ff81ab5cce2

SHA1
a1d1d16f66d4ba77ffbb46c2c703135b6abbb68f

SHA256
16f507da7814a6105122cbc5a881ee558dafdcd0edc57dcdbce6798aa9dd68ec

SHA512
4f6b36cb7d26cc5623e1608cd061f71bef7c2b67061e6ed4bd55fe09e4971f8099be704ce58c0e5d80329a3396ab82c25502867e6d6a0451913a420279983d9e

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\Layer.mfx

Filesize
122KB

MD5
7401110a97ed26241ce133b52fe2abba

SHA1
2925536e1e15c132c6e11bc16e98ccc67993c2b4

SHA256
7da10d503a890cb3a9b653c5747717aba906bf26079f3038edd2b7177a59ed35

SHA512
887a0f2c428734d32bad868e8ac529f8196672356d9e6139406c0805ae3fd8c6fe04393d7f5c9018f527b60bb84741a0ac8ff0329035f50c27deec36093062c6

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\XBOXGamepad.mfx

Filesize
64KB

MD5
1e66d9b53e22a5057dda3d6d8ff6ddd3

SHA1
cc24d9b99dfd289e0f350a010d5db0df81aca4c0

SHA256
4c0b333a1e55721d40609134a76d3fdbc62485d0c20f7faf34e229054da18b96

SHA512
265adba42c17ca02aed7720835043828c421d2fb8a0fe71a2f022fee99560c180cd67759873bdd24d973b547adb0960bc1b33246e5117674aa26526c6c914833

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\adshow.mfx

Filesize
40KB

MD5
02b89ffb32c8c8db48732d61ea7587d2

SHA1
42bc7b220123d2f1e2af88f9e37f53b6da6cc437

SHA256
c05b7b5fe45a20106ba776eec22dcbb606422edcae00942968cfd1f61046fc4c

SHA512
e07e8e95e0cedb27f654b040c9880234ad3ee01d3a30ab5c69b6ebae46d2efb0de689bcd1d9d1feaad4b6fe3583eacea2cb09bbcece3ce07399ff04a1f2870db

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\aiffflt.sft

Filesize
6KB

MD5
a9d967ec972eb6e073068ac2da0075bf

SHA1
dc0e6751c7abcb58258d0c7c4fffc382768a0fe6

SHA256
5c00a02a5c0084a6681d34e97f8dacb80742c7e1ea1682a9d7efc9723e970dee

SHA512
71eb106fe9f71c2f7fb0cce5bed0b67e8092f47311516bd18fac73ddab7e6bc93f40398043cc0aef6385cd8256c6c53f36ba0a38ec46d75e0befb14365ee9aa8

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\clickteam-movement-controller.mfx

Filesize
34KB

MD5
5fda00a9e5494366397111db051b6967

SHA1
8911beb147549d89d305badb43dd8211b9476668

SHA256
f42cf8a06f597308c9e5afe6aca52d229f769f5afa0162f87785fcc2a822efbf

SHA512
1208fb5348e6de659acea85eb4c94104b959b83aacc8876b766c18d925854d02b0634df8dfa60d09314f60925565614ead08e71d93057cfa8122f6e2f788763a

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\clickteam-vector.mvx

Filesize
32KB

MD5
1d0f01e96da6115e25160301901b6d14

SHA1
76e1684f03746f147fb701de87d09e63d302911a

SHA256
67a1ebbd388887326e40d0b097cc88d829a547079de8f6ff0af72abc97e0f57d

SHA512
ed39b9f84171c5fe98395a94ef65066e4ee4ccfc6418bcb13b4219fa9db8ff970bbe2a9ece47ed841bfb6b175afef24f33193a8a1fabd9a5f846aa3f0844f55b

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\ctrlx.mfx

Filesize
44KB

MD5
ceb8b2e522d0aaaecdf69b3bcc89a530

SHA1
c1cf769a96a9612f7fd0c1965413f4a57e4907e1

SHA256
3407eb12f6bacec5ebd4df96ff3fd34741a3919fd46c2ec527364c5f1e753a65

SHA512
3c46743c635eb96351e6a82490cececb24e6a104433c962f263ec01cf78fa9747d4f56d05c3085c0a18eff7c180b145df5e8e74bc008fe2f617f7f4c24be0331

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\kcfile.mfx

Filesize
36KB

MD5
beef4558c23ca51176a3ec1465cff89d

SHA1
a8dda22b337ee4ff6f572603db69f0f6adb6f227

SHA256
daa25c6b2633009f655c0ea0503602ea220f9a5788e3ac7ca11c209be3246333

SHA512
4ce528b244b4e125e61e67094c8c8041a2450db2aba2f95bd6f4b503116439b9b8dbe462c1199fe42c3687432d4475a77bf0730b5cecf8578856ee5b0e112c2a

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
ba4baf4220ede3a3bd32123e9c0fd952

SHA1
e1186c6746d67e42fc57f72a6ed07e600755305e

SHA256
a38d94169881d68a20c5031895492fa2bae58e70332b2f08fca79e62f4359edd

SHA512
55827a02e2617bc94b9990ff348d893eda39fdc6251abe506e0ac1f656ac2cd9bdae8197de437b277c434482e8a1c6782f7ab5b8993d1aa0b779d21b6349dece

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\mmfs2.dll

Filesize
460KB

MD5
4758d460ecbb307ed90d59643046f00b

SHA1
2bd87c39f97b73b9db6d205bb10ae37eb82f2372

SHA256
3293a93c6d8a2ce529538fbdd2a81dc623fc40464efdb5348c8e039788ad1b22

SHA512
970a44102539ed3116c125bfcf9075e3acb8f710a338ff8ba881bbebf5111d236b3c27bf325a77d83d295aba8e836439fb6fd54a899e3ef075e1e45b6e2a1fdb

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\modflt.sft

Filesize
139KB

MD5
6e5eb546f1d4c9b14bb7caba03511bb7

SHA1
fe8ada3a3abe687c8ef8cd2e0216d73827041241

SHA256
e1744d0a36f01213f79a3db6e062f2d5ced5d78e7a4cd5770ec63669ffef2779

SHA512
ca6e57d7974247179f3974260d2b401ea78a9af0e80c616d67252392dd8fe3cfaff4a3a93019ab0c501111f985da588365e5d5aee2977ce48596edaa807366bb

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\mp3flt.sft

Filesize
24KB

MD5
f0ebc8596156d8ebf6201a10f9864305

SHA1
0efd689d027d2d592369c3585cdd9a0b879e6562

SHA256
fcca0e08e8a64081d71f3ad7455cb5bea48e73f158f0773e856fa100914fe192

SHA512
7752fb5d3d114791c7940088b98c03252d6fb151ad11774a8fd8b4fdf2d289c66b5d54a56feddda2e2e4de125f7f6b75c1197eae276add1774e3290becd8bcf7

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\oggflt.sft

Filesize
130KB

MD5
3c63ea4611008fbcf86435559e9dffab

SHA1
fdc9c6302fcc427530b2dbff63aad1b6d204125a

SHA256
9efb0b4cff5bb033cf1e04bdeabc581db7d787399c5238f4fb40a1e820aac6b8

SHA512
938c6ebbd0a7248f32bc83d2548791b35764417a74728b8b861d2bd539c182ced6f5168a604679e20c150dc6741fd6868768e7d1ffce224667546d3ea80787d3

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\pathfind.mfx

Filesize
140KB

MD5
00f718ad2ae750451cb5aa691939a46b

SHA1
68d2319db0667f58bd5178b1075e7fc7d8319ece

SHA256
0d017201a44510ad135a5e69606eee471f863158445aaa122fe29c719dbe0fa8

SHA512
b01548334ba30a2567217b63fdea236431dc16b88bbb31436dbac75a21cd18d32bd1a06b397dc79efa33c12bee30e4ba5edb0b41812a065c25239fd62f2ef5af

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\ultimatefullscreen.mfx

Filesize
73KB

MD5
96059dbec69c3904e4d7ce734a4b38d0

SHA1
5169934f8d89b0dba963861dcbae55e78fc21dfc

SHA256
fd179783ff6e6eb0959185087f33ed4a1b256e58762d9817bcb16888e20f7058

SHA512
82977b2c249e47ca37d6fd62f416ed995b4b5f953bc5c18c84bfbdacc2c5b17fdc50c1e736fafcac242a3f8921b5000e0ec84302bc4e0077d6eeee3aa43cc520

Download Submit
\Users\Admin\AppData\Local\Temp\mrtA5E0.tmp\waveflt.sft

Filesize
8KB

MD5
5230a9c12b9829c9fd333cd8b0620011

SHA1
0becf7512f498c18af3b9943a4b2556a769cc8eb

SHA256
98134d326a09569bd5933ffcb026009575509a1bfc20384ef8eebb762aabcd38

SHA512
1a6a5a72fed0458152ca830941b3d07e448bb588fc61a24c97561833b882e23a529a0a78036732cca95013170a46cc5444a4d642bf05a4fa5a474d51d40789d5

Download Submit
memory/2892-32-0x00000000001F0000-0x0000000000207000-memory.dmp

Filesize
92KB

Download
memory/2892-59-0x0000000002400000-0x0000000002453000-memory.dmp

Filesize
332KB

Download
memory/2892-64-0x00000000023C0000-0x00000000023E4000-memory.dmp

Filesize
144KB

Download