Overview

overview

10

Static

static

3

ggpermV3/A...64.exe

windows10-1703-x64

1

ggpermV3/F...er.bat

windows10-1703-x64

1

ggpermV3/N...on.dll

windows10-1703-x64

1

ggpermV3/S...UI.dll

windows10-1703-x64

1

ggpermV3/T...er.exe

windows10-1703-x64

ggpermV3/a...64.sys

windows10-1703-x64

1

ggpermV3/g...to.lnk

windows10-1703-x64

3

ggpermV3/ggpermV3.exe

windows10-1703-x64

10

ggpermV3/m...er.bat

windows10-1703-x64

1

ggpermV3/s...er.exe

windows10-1703-x64

1

ggpermV3/s...er.exe

windows10-1703-x64

1

ggpermV3/woof.bat

windows10-1703-x64

8

Resubmissions

22-03-2024 00:33

240322-awglgsff8s 10

22-03-2024 00:29

240322-atdrtaff4z 8

22-03-2024 00:14

240322-ajp24afd9s 10

Analysis

  • max time kernel
    1s
  • max time network
    251s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-03-2024 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ggpermV3/macchanger.bat

  • Size

    2KB

  • MD5

    c0b8d81370dd4defc9317dc6c204d581

  • SHA1

    fa2b6a292c398d2a2febbdddcf39a62ffbb6fb23

  • SHA256

    4d8d40a7e435fc815d088d7309a6bece3a9d798b4fb8170ca3d9c4c7c8c6784f

  • SHA512

    271552179a651414d8b321017a8675a1cd09ac83394cc014453d28f1837b60db657b1d75362af71d075b1f4e33ac5eedf6556a43709589a6159c4d0ef2d00828

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ggpermV3\macchanger.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c wmic nic where physicaladapter=true get deviceid | findstr [0-9]
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4756
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic nic where physicaladapter=true get deviceid
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4404
      • C:\Windows\system32\findstr.exe
        findstr [0-9]
        3⤵
          PID:2980
      • C:\Windows\system32\reg.exe
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\01
        2⤵
          PID:768
        • C:\Windows\system32\reg.exe
          REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\001
          2⤵
            PID:1068
          • C:\Windows\system32\reg.exe
            REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001
            2⤵
              PID:684
            • C:\Windows\system32\reg.exe
              REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001 /v NetworkAddress /t REG_SZ /d 0AAD1B6D2649 /f
              2⤵
                PID:3400
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c wmic nic where physicaladapter=true get deviceid | findstr [0-9]
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:200
                • C:\Windows\System32\Wbem\WMIC.exe
                  wmic nic where physicaladapter=true get deviceid
                  3⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:3356
                • C:\Windows\system32\findstr.exe
                  findstr [0-9]
                  3⤵
                    PID:4924
                • C:\Windows\system32\reg.exe
                  REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\01
                  2⤵
                    PID:4516
                  • C:\Windows\system32\reg.exe
                    REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\001
                    2⤵
                      PID:4572
                    • C:\Windows\system32\reg.exe
                      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001
                      2⤵
                        PID:3420
                      • C:\Windows\system32\reg.exe
                        REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001 /v PnPCapabilities /t REG_DWORD /d 24 /f
                        2⤵
                          PID:2808
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c "wmic nic where (netconnectionid like '%') get netconnectionid,netconnectionstatus /format:csv"
                          2⤵
                          • Suspicious use of WriteProcessMemory
                          PID:520
                          • C:\Windows\System32\Wbem\WMIC.exe
                            wmic nic where (netconnectionid like '%') get netconnectionid,netconnectionstatus /format:csv
                            3⤵
                              PID:2160
                          • C:\Windows\system32\netsh.exe
                            netsh interface set interface name="Ethernet" disable
                            2⤵
                              PID:4616
                          • \??\c:\windows\system32\svchost.exe
                            c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
                            1⤵
                              PID:3524
                            • \??\c:\windows\system32\svchost.exe
                              c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
                              1⤵
                                PID:4548

                              Network

                              MITRE ATT&CK Matrix

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads