Overview

Static (score 10)

Score  File                     Platform
3      ggpermV3/A...64.exe      windows10-1703-x64
1      ggpermV3/F...er.bat      windows10-1703-x64
1      ggpermV3/N...on.dll      windows10-1703-x64
1      ggpermV3/S...UI.dll      windows10-1703-x64
1      ggpermV3/T...er.exe      windows10-1703-x64
-      ggpermV3/a...64.sys      windows10-1703-x64
1      ggpermV3/g...to.lnk      windows10-1703-x64
3      ggpermV3/ggpermV3.exe    windows10-1703-x64
10     ggpermV3/m...er.bat      windows10-1703-x64
1      ggpermV3/s...er.exe      windows10-1703-x64
1      ggpermV3/s...er.exe      windows10-1703-x64
1      ggpermV3/woof.bat        windows10-1703-x64
Resubmissions (8)

Submitted          Analysis ID          Score
22-03-2024 00:33   240322-awglgsff8s    10
22-03-2024 00:29   240322-atdrtaff4z    8
22-03-2024 00:14   240322-ajp24afd9s    10

Analysis
max time kernel: 231s
max time network: 300s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 22-03-2024 00:14
Static task: static1

Behavioral tasks

Task          Sample                                    Resource
behavioral1   ggpermV3/AMIDEWINx64.exe                  win10-20240221-en
behavioral2   ggpermV3/Final_Cleaner.bat                win10-20240221-en
behavioral3   ggpermV3/Newtonsoft.Json.dll              win10-20240221-en
behavioral4   ggpermV3/Siticone.UI.dll                  win10-20240221-en
behavioral5   ggpermV3/Trinity Cleaner.exe              win10-20240221-en
behavioral6   ggpermV3/amifldrv64.sys                   win10-20240221-en
behavioral7   ggpermV3/ggpermV3 - Acceso directo.lnk    win10-20240221-en
behavioral8   ggpermV3/ggpermV3.exe                     win10-20240221-en
behavioral9   ggpermV3/macchanger.bat                   win10-20240214-en
behavioral10  ggpermV3/sxghr-driver.exe                 win10-20240221-en
behavioral11  ggpermV3/sxghr-driver.exe                 win10-20240221-en
behavioral12  ggpermV3/woof.bat                         win10-20240221-en
General

Target: ggpermV3/ggpermV3 - Acceso directo.lnk
Size: 1KB
MD5: 5c38f8ff26159636728fa620a07eb5f3
SHA1: f1a901f597849916c93598279d7a648070751771
SHA256: 1e915274b105e858d0f63ff2273c46791828dd65694c92b8f0f60f9c82bf3ab0
SHA512: 260a90915f39ee7c00ac0f7a8391c282f318b0932c0e49dac975bd5ea43f9b46537e0c67449cc50cce89e62efcf411af768b305ee391eeca9f566277e360b3dd
Malware Config
Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (cmd.exe):

  description                       pid    process    target process
  PID 2812 wrote to memory of 4896  2812   cmd.exe    ggpermV3.exe
  PID 2812 wrote to memory of 4896  2812   cmd.exe    ggpermV3.exe
  PID 2812 wrote to memory of 4896  2812   cmd.exe    ggpermV3.exe
Processes

1. C:\Windows\system32\cmd.exe
   Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3 - Acceso directo.lnk"
   PID: 2812
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3.exe"
      PID: 4896
Network
MITRE ATT&CK Enterprise v15
Downloads

File                                                          Filesize
memory/4896-2-0x0000000000940000-0x0000000000956000-memory.dmp   88KB
memory/4896-3-0x0000000073FF0000-0x00000000746DE000-memory.dmp   6.9MB
memory/4896-4-0x0000000005610000-0x0000000005B0E000-memory.dmp   5.0MB
memory/4896-5-0x00000000051B0000-0x0000000005242000-memory.dmp   584KB
memory/4896-6-0x0000000005130000-0x0000000005140000-memory.dmp   64KB
memory/4896-7-0x00000000076D0000-0x00000000076DA000-memory.dmp   40KB
memory/4896-8-0x0000000007880000-0x00000000079CE000-memory.dmp   1.3MB
memory/4896-9-0x00000000076C0000-0x00000000076D4000-memory.dmp   80KB
memory/4896-10-0x0000000005130000-0x0000000005140000-memory.dmp  64KB
memory/4896-11-0x0000000073FF0000-0x00000000746DE000-memory.dmp  6.9MB
memory/4896-12-0x0000000005130000-0x0000000005140000-memory.dmp  64KB
memory/4896-13-0x0000000005130000-0x0000000005140000-memory.dmp  64KB