Overview

overview

8

Static

static

3

ggpermv3_1.rar

windows10-1703-x64

7

READ ME!!!!.txt

windows10-1703-x64

1

ggpermV3/A...64.exe

windows10-1703-x64

1

ggpermV3/F...er.bat

windows10-1703-x64

1

ggpermV3/N...on.dll

windows10-1703-x64

1

ggpermV3/S...UI.dll

windows10-1703-x64

1

ggpermV3/T...er.exe

windows10-1703-x64

8

ggpermV3/a...64.sys

windows10-1703-x64

1

ggpermV3/g...to.lnk

windows10-1703-x64

3

ggpermV3/ggpermV3.exe

windows10-1703-x64

8

ggpermV3/m...er.bat

windows10-1703-x64

1

ggpermV3/s...er.exe

windows10-1703-x64

1

ggpermV3/s...er.exe

windows10-1703-x64

1

ggpermV3/s...er.pdb

windows10-1703-x64

3

ggpermV3/s...g.json

windows10-1703-x64

3

ggpermV3/woof.bat

windows10-1703-x64

8

Resubmissions

22-03-2024 00:33

240322-awglgsff8s 10

22-03-2024 00:29

240322-atdrtaff4z 8

22-03-2024 00:14

240322-ajp24afd9s 10

Analysis

  • max time kernel
    140s
  • max time network
    141s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-03-2024 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ggpermV3/ggpermV3 - Acceso directo.lnk

  • Size

    1KB

  • MD5

    5c38f8ff26159636728fa620a07eb5f3

  • SHA1

    f1a901f597849916c93598279d7a648070751771

  • SHA256

    1e915274b105e858d0f63ff2273c46791828dd65694c92b8f0f60f9c82bf3ab0

  • SHA512

    260a90915f39ee7c00ac0f7a8391c282f318b0932c0e49dac975bd5ea43f9b46537e0c67449cc50cce89e62efcf411af768b305ee391eeca9f566277e360b3dd

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3 - Acceso directo.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3.exe
      "C:\Users\Admin\AppData\Local\Temp\ggpermV3\ggpermV3.exe"
      2⤵
        PID:2984

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2984-2-0x00000000008D0000-0x00000000008E6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2984-4-0x00000000058B0000-0x0000000005DAE000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2984-3-0x0000000073D50000-0x000000007443E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2984-5-0x0000000005280000-0x0000000005312000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2984-6-0x00000000054A0000-0x00000000054B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2984-7-0x0000000005860000-0x000000000586A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2984-8-0x0000000007A70000-0x0000000007BBE000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2984-9-0x0000000005850000-0x0000000005864000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2984-10-0x00000000054A0000-0x00000000054B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2984-11-0x0000000073D50000-0x000000007443E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2984-12-0x00000000054A0000-0x00000000054B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2984-13-0x00000000054A0000-0x00000000054B0000-memory.dmp

      Filesize

      64KB

      Download