3a7926816890498b4b28caeb0017fc5adea97a222c2c63f2e477e3dab269971a

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

50KB
MD5

c6f9d01d211a535eb819a7bb0057a77a
SHA1

595634222c6013ab6278d637c502f7cd062de37f
SHA256

3a7926816890498b4b28caeb0017fc5adea97a222c2c63f2e477e3dab269971a
SHA512

e8553c88fef22f1e315e38f71008a4ab034fbad7239f486d948e25c1d6d63c66d1fb176874d60429b45bb5aecd462529933a227b0cdc8245eb7b16e707f353eb
SSDEEP

1536:COlCGjrZRlV1eCE6cWzPLoZh4hb0qfWT5M4:DLrV1eCjx0Z2ewWT5r

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2064	ggmiuy.exe

Loads dropped DLL 1 IoCs

pid	Process
2064	ggmiuy.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\hra8.dll	ggmiuy.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ggmiuy.exe	tmp.exe
File opened for modification	C:\Windows\ggmiuy.exe	tmp.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ggmiuy.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ggmiuy.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1940	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: RenamesItself
PID:1940

C:\Windows\ggmiuy.exe
C:\Windows\ggmiuy.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Checks processor information in registry
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hra8.dll

Filesize
12KB

MD5
de61de242b5500304af17e4661100ea5

SHA1
ed6c1fce0696ce100a93f2d3cea83a0475947e4f

SHA256
3c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5

SHA512
b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f

Download Submit
C:\Windows\ggmiuy.exe

Filesize
50KB

MD5
c6f9d01d211a535eb819a7bb0057a77a

SHA1
595634222c6013ab6278d637c502f7cd062de37f

SHA256
3a7926816890498b4b28caeb0017fc5adea97a222c2c63f2e477e3dab269971a

SHA512
e8553c88fef22f1e315e38f71008a4ab034fbad7239f486d948e25c1d6d63c66d1fb176874d60429b45bb5aecd462529933a227b0cdc8245eb7b16e707f353eb

Download Submit