15ba48e43afbe0d0ba05d7befbfd4073c459d3335280c5885ecd2cb9f07b7970

Resubmissions

22-03-2024 00:33

22-03-2024 00:29

22-03-2024 00:14

max time kernel
231s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
22-03-2024 00:14

Target

ggpermV3/ggpermV3 - Acceso directo.lnk
Size

1KB
MD5

5c38f8ff26159636728fa620a07eb5f3
SHA1

f1a901f597849916c93598279d7a648070751771
SHA256

1e915274b105e858d0f63ff2273c46791828dd65694c92b8f0f60f9c82bf3ab0
SHA512

260a90915f39ee7c00ac0f7a8391c282f318b0932c0e49dac975bd5ea43f9b46537e0c67449cc50cce89e62efcf411af768b305ee391eeca9f566277e360b3dd

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2812 wrote to memory of 4896	2812	cmd.exe	ggpermV3.exe
PID 2812 wrote to memory of 4896	2812	cmd.exe	ggpermV3.exe
PID 2812 wrote to memory of 4896	2812	cmd.exe	ggpermV3.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3 - Acceso directo.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:2812

C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3.exe
"C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3.exe"
2⤵
PID:4896

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4896-2-0x0000000000940000-0x0000000000956000-memory.dmp

Filesize
88KB

Download
memory/4896-3-0x0000000073FF0000-0x00000000746DE000-memory.dmp

Filesize
6.9MB

Download
memory/4896-4-0x0000000005610000-0x0000000005B0E000-memory.dmp

Filesize
5.0MB

Download
memory/4896-5-0x00000000051B0000-0x0000000005242000-memory.dmp

Filesize
584KB

Download
memory/4896-6-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download
memory/4896-7-0x00000000076D0000-0x00000000076DA000-memory.dmp

Filesize
40KB

Download
memory/4896-8-0x0000000007880000-0x00000000079CE000-memory.dmp

Filesize
1.3MB

Download
memory/4896-9-0x00000000076C0000-0x00000000076D4000-memory.dmp

Filesize
80KB

Download
memory/4896-10-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download
memory/4896-11-0x0000000073FF0000-0x00000000746DE000-memory.dmp

Filesize
6.9MB

Download
memory/4896-12-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download
memory/4896-13-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download