d085b46328c25a973bc157c29d43155a922cf7b2586b5debbfb2c44d3835203f

Analysis

max time kernel
149s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5GG.exe
Size

63.9MB
MD5

d8c47724d1ac161564731578199131fb
SHA1

7950366ed09a8b4ca0f7c176f6d5d9f0c73cd2bd
SHA256

d085b46328c25a973bc157c29d43155a922cf7b2586b5debbfb2c44d3835203f
SHA512

4c0969fc6affbc248484964721088e40a0d56ddb80f8fbb8c84a2503bc8a949f0313ce7a330d21fc56456eea2f5daffd8773b78f8bc0b0ce296f5e60df4c71ca
SSDEEP

1572864:IIIyVQR8VuiNCUbx4ku9WAMjyB1W37PMMox:DuiXLu9f

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

5GG.exe

pid process

2912 5GG.exe
2912 5GG.exe
2912 5GG.exe
2912 5GG.exe
2912 5GG.exe
2912 5GG.exe
2912 5GG.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

5GG.exe

pid process

2912 5GG.exe

pid	process
2912	5GG.exe
2912	5GG.exe
2912	5GG.exe
2912	5GG.exe
2912	5GG.exe
2912	5GG.exe
2912	5GG.exe

pid	process
2912	5GG.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

5GG.exe

description	pid	process	target process
PID 2108 wrote to memory of 2912	2108	5GG.exe	5GG.exe
PID 2108 wrote to memory of 2912	2108	5GG.exe	5GG.exe
PID 2108 wrote to memory of 2912	2108	5GG.exe	5GG.exe

C:\Users\Admin\AppData\Local\Temp\5GG.exe
"C:\Users\Admin\AppData\Local\Temp\5GG.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108

C:\Users\Admin\AppData\Local\Temp\5GG.exe
"C:\Users\Admin\AppData\Local\Temp\5GG.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2912

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1760

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\PyInstaller\hooks\hook-PyQt5.Qt3DExtras.py
Filesize
633B

MD5
7e49a106518a0b24a385472f20897ead

SHA1
4b1f212a26d58d9bd950ecd74161b833baf75b29

SHA256
5287211c9e7572467fb325c9c9e2ccdbae124d45d1081fd152cbf7a0277a83df

SHA512
5c7ff7a786b906892b59547b975b60163b22c184ecccf263ebf7c3a1b7729145fad99fe10c5267ee26e345fd77afacd2230ec07d748ebc1b48da8dff20e9322c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\PyInstaller\hooks\hook-PyQt6.Qt3DExtras.py
Filesize
633B

MD5
5a8c950f6874824a43331edf2aeb7077

SHA1
c14705c1d6d10d0d229f569eb7a2afe3aeb95ee7

SHA256
c7261094df2d79913d890f5e09b515284286ed0edf2a14a16f8b24aecd259476

SHA512
421095a0601cccbd4644ea4be751e56b671eb15879d99512ede9f101930e95c3da852f1f9720aca8ec947b224affbd5ace81e0ad4a8cae773c10cf9f13626703

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\PyInstaller\hooks\hook-PyQt6.QtOpenGLWidgets.py
Filesize
633B

MD5
13a6f0b41293ec52e3372259f0294767

SHA1
02c2afb687a17d8234440cf6560dacc7a02b3a36

SHA256
d85f6a0f862a219aba0cc2917a09fb0c7bd2e84ab72169016b949189ed7537ea

SHA512
6a16b65546d42035e05462cea20b1a82f4c1f8800138d42b47deb3d07959c48d7513a938e15d57d536c6f959310b8f9028ae47e8d6b934b5784e183394f028a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\PyInstaller\hooks\hook-PySide2.QtWebEngineWidgets.py
Filesize
633B

MD5
0c14d4e682ffa5cd1272c416d9e35207

SHA1
a2c069b248de868f485caa2428d49a60ca368618

SHA256
f2fd53d6140e5fd8d20f7cbaac48b07443b2b6aa8d07b17119e8d76d590394c5

SHA512
3339cc05d87447d75139667914943a5f1f72f72291c985f698a549cd3da11de06cd2040a0841c6913a247d13343fa0294ef16e6ba6ca8fc1d8931d0be548e31e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\PyInstaller\hooks\pre_safe_import_module\__init__.py
Filesize
2B

MD5
552dacb15f2019c8f3f74c55befa242c

SHA1
9762053d4defb8be822cb0957983a6b8796976d6

SHA256
32c4858e22cc2c967b42150fa550562a2c839c2cebcaab91cabdf6f4da020022

SHA512
a80f7cc2606ef6e5474e96b1e520c17ecf432f0da9a566bd157044130cfb548f10d929ffb5783008df78b6d07d07d109bffbad1998cb8309eccec7e4d3fc813a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\PyInstaller\hooks\pre_safe_import_module\hook-gi.repository.Champlain.py
Filesize
783B

MD5
1b0bc7182c35820f0929015d09008c89

SHA1
685c570e0f8a4edd20d784fc1b6290040d0dce95

SHA256
7397fbe0a78f507b7eedf1ffb4941fbaa078e32b184cb6c29bbeaed90541d3b5

SHA512
dbfedd44c1f5793dcefabbf094cbeb480e9a59f39e43589e63715d41ade24fe29a72e58485af5dc57f4cabb44285d37de4393e87bf5200aa79a9e2e363a3d95f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\_pyinstaller_hooks_contrib\hooks\stdhooks\hook-nvidia.cudnn.py
Filesize
572B

MD5
34058b220fe2c508e2cb6705df0fcb5f

SHA1
57021f42570bbc97cc434fcc0b3546278422a366

SHA256
af1a7f8b185d9492e350f874ec7d658a9e50d2660d22b00719b4497c5f99d8ef

SHA512
23a3bc9ce908f0aeefe4d12752f6f861fb3d510467ce99d42cc5e6bcaaf488af5235523e2f63057d3a80436e4c8009c214401bcc56ca688c7f3d66b2c90830e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\_pyinstaller_hooks_contrib\hooks\stdhooks\hook-timm.py
Filesize
565B

MD5
8fb750969445f2c60a9d84befd447561

SHA1
0d10b229afe430e6e9817a4ca7381789787d3723

SHA256
4812ae9489a11e0a0f254ab8287a95a40b1f6fb18e3e8205fdf0fe3ed4774ec2

SHA512
3e210caaee335b47170d54ab33995cdb144ef3b6b0a3a8725399c475d7311fef255bdade638cabca242d86dbc1a6b546f2d3c60c644d807332cc921cde25feb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\bottle-0.12.25.dist-info\INSTALLER
Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\future-0.18.3.dist-info\WHEEL
Filesize
92B

MD5
18f1a484771c3f3a3d3b90df42acfbbe

SHA1
cab34a71bd14a5eede447eeb4cfa561e5b976a94

SHA256
c903798389a0e00c9b4639208bef72cb889010589b1909a5cfbf0f8a4e4eafe0

SHA512
3efaf71d54fc3c3102090e0d0f718909564242079de0aa92dacab91c50421f80cbf30a71136510d161caac5dc2733d00eb33a4094de8604e5ca5d307245158aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Lib\site-packages\wheel\vendored\packaging\_structures.py
Filesize
1KB

MD5
de664fedc083927d3d084f416190d876

SHA1
fe0c3747cf14e696276cb6806c6775503de002b8

SHA256
ab77953666d62461bf4b40e2b7f4b7028f2a42acffe4f6135c500a0597b9cabe

SHA512
cff19a724fac387599d98c0a365849078dbcbea65efca1ee445f158268b9241e552212a99e7e0b34394d246e3a06c999a7f1a967f64b2724ca9b623d62996c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\venv\Scripts\normalizer.exe
Filesize
105KB

MD5
0d55cd64b7bf5670268006650a3efa55

SHA1
464cd1b3ad94e2a45a95946f64280015adad75ff

SHA256
514e40759869f958d7c720fc8c04d5c9976113b260280a3bb85c207370f7d866

SHA512
b641e65bbea1cab7b8c88f8d1529b5926c66132b22657a0f12b33b37bd8576591b93599155f3ffd31c5cd0a344a59b2fb90bfe2a117c0e089e3fc986efff59bb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
fb4dbb2f9ce4eee098149ee4c667f74f

SHA1
4e0215a9eb51517d65735ac84d9815bc0a18758e

SHA256
bf716016777a306ae35a1c7dec592b7b9a603320cb0a69764ac34a7b00d75ad2

SHA512
059247adf3545e3aee5b9af418d260521a405fc414ae96caa7b2ab3c37965c5a634554b7cf20da0264a3e53054f3879832905292f688f61e12390e4fea2125d9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
451d756bacee4885ae059e466779b097

SHA1
b2226a31b49c18a545679e51ba3efd9e8d537166

SHA256
728cc9c30bfa035e1f17ebede9f42437bf75807cafc088834f49df05d47f8651

SHA512
30309b52478d51d2014a1e7b3395a916c732c2f6a2f01a5e53b04513740ed74b7fddea8d0354c725db94cabe36b2c83eb3600411cc1732a6ad0b016aee6a76d0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
bd6c6f6688e74cf02107ea494458d1b2

SHA1
99aa195b3cd8ab4d75e71db3617d93de141204a3

SHA256
4c71905519cdc523972ba7efecb8671b526069a295e1b5ba75c754cd36de5455

SHA512
75c22d689962833b2052de1ec9d58b947c0c2956a3b618ea3f1893010cdc7dba8acec5eeb063e15b526e75e23d333aa7f0c7a181f0de78220ac4e7a8531da698

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
19dab566b2170a204fa83ed397feef4e

SHA1
afeef985fca7cddd7a5e827ddef1c8aa044391fc

SHA256
a056ea757dd9fc8682ef24da36bdf3a9b9b9714f856ee25960d40b882797b458

SHA512
2dfdf9b7158e8eb3d9a70eea78f61de751b2a64cea03e25bce83f344cd4645829f7226ed406c8128e263d519c7f31b218ae3170c42870e748f1dd4bfa0f4ce22

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
22b0a9b00c0d31ab70f4a0e3164d8686

SHA1
4c863a71d37e23602b2258bf92062a2d9544dd31

SHA256
807f8478b8cfd4ff1e86f3c5df9f48a31150d7658f37678f867934e8fdc92a32

SHA512
f2985307321642db9efd4ac22261e2c7cb87e4300763cf401063a0cb13520a5f5fb062f062d42dced11d90508aafa2d3fb5b9b49ab437971fb2deee499c896f8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\python310.dll
Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\ucrtbase.dll
Filesize
987KB

MD5
4787d6a587a04513ec60770af6ace5eb

SHA1
da64c5819d1a497077cf70492cff3fc820313294

SHA256
106d96ebb4435aab3d5147f1de1e0b3a2e68b3b23229a084b3149941633aa248

SHA512
95f6fc61cfb99ee80c788331289026e29234ed7e664e154a09dc51b60eeccd79d3f7bb56a106769676f8cc02983ad6c9bc8b9f47eb23aa5e7e701b3386ab6a90

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads