Overview

overview

8

Static

static

3

.exe

windows7-x64

8

.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .exe

  • Size

    241KB

  • MD5

    fd66ad744b4ac44881aec78b82792bfa

  • SHA1

    942703c06198a7c8929e2a2da82c9b0713653d6e

  • SHA256

    1d452ac3158f4353caead71ec3424dd12c543cec45d9b8739ea2e86fcd48fa51

  • SHA512

    fae353c41169d3f2a748744bb75935ef3acfcbda6c7472abbe79bf2c332ba90c1eecb1fd4a523bcb6422e488dc8d8f446103e202cc0026f61e7cdbe5615558da

  • SSDEEP

    6144:JZXBsWqsE/Ao+mv8Qv0LVmwq4FU0nN876WWhE:XXmwRo+mv8QD4+0N46WW+

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in Drivers directory 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\.exe
    "C:\Users\Admin\AppData\Local\Temp\.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\Gorn\Gorn\prostoigra.bat" "
      2⤵
      • Drops file in Drivers directory
      • Drops file in Program Files directory
      PID:2604
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Gorn\Gorn\neznoesvidanie.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Gorn\Gorn\1.txt
    Filesize

    16B

    MD5

    768c3bec3fd688305a2f2e8e6a1affc4

    SHA1

    c3886cb9f83c3eba0cd55b8e1b1ec8918855e67c

    SHA256

    c87b314dc7c4a201a8e24efdc5d0aafe07b77ccb7c430601628b3f2bbc33c066

    SHA512

    a9faa535428d483bbbdc68270da656d07d177273b7141288d410aad57fc0259d4c64a9ee144e78941d15dcc079a033c1207be4c8184a25739550feab735cbe25

    Download Submit

  • C:\Program Files (x86)\Gorn\Gorn\2.txt
    Filesize

    27B

    MD5

    213c0742081a9007c9093a01760f9f8c

    SHA1

    df53bb518c732df777b5ce19fc7c02dcb2f9d81b

    SHA256

    9681429a2b00c27fe6cb0453f255024813944a7cd460d18797e3c35e81c53d69

    SHA512

    55182c2e353a0027f585535a537b9c309c3bf57f47da54a16e0c415ed6633b725bf40e40a664b1071575feeb7e589d775983516728ec3e51e87a0a29010c4eb9

    Download Submit

  • C:\Program Files (x86)\Gorn\Gorn\neznoesvidanie.vbs
    Filesize

    218B

    MD5

    f920326c9fa8ffbb136d0089a52c0b04

    SHA1

    6cd85d1f3c518030a97f20e5b974e9ad09da085c

    SHA256

    41e5bd5a5295874e32cef72d5b19db7b6b1a90153ee38c9d93191c4d7bbf91df

    SHA512

    57697c0a646959592707a54777542336fef69269f6e8adb1e3722027db84e531966929d18262e44e240790cba3da1dbd0d4b758212b3763d741e40973a100be6

    Download Submit

  • C:\Program Files (x86)\Gorn\Gorn\prostoigra.bat
    Filesize

    1KB

    MD5

    57b3c94445a1f9fc2de9d088de084b39

    SHA1

    1b7e1b51257354d5e509b16916ea9a74ec9c1bb2

    SHA256

    42de4c51bbd9ff752527ab2574378ec4c10c950422da83eaceb01edb27f2116c

    SHA512

    66ebc964daf2f9a090d5dd5745dc8c03e4d8d9d1b61f6272b73b0c62136dc693e529d719e978c07079ed85c93b9b1dc77eccc83e0f36019da85603e454ca151f

    Download Submit

  • memory/1712-60-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download