Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
20-06-2024 16:11
Behavioral task
behavioral1
Sample
cl_pg_installer.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
cl_pg_installer.exe
Resource
win10v2004-20240508-en
General
-
Target
cl_pg_installer.exe
-
Size
11.8MB
-
MD5
bae58fe42215baaef1061348ca9251f5
-
SHA1
63207714e323f57183ec633e9f4502eb6834249d
-
SHA256
072810611923fa8f1c046c96d626393223a5e4c2a6741f700352d75282b44d22
-
SHA512
999193718ac3993a5df6463d70a06af4bd9dfcc1cc7c0279c988f1a06a8895b9581ccad8720a18e7be2d463f53f82e6f7b8ab174431000947b528ca14af9f667
-
SSDEEP
196608:8KNJm3AqWBJHcsgH++L2Vmd6+DgTNfwZHYYilkSEF/U71e8PmWvMV7A:F/m3pWBJHUe+L2Vmd6mgBkq1MN8P1M2
Malware Config
Signatures
-
Loads dropped DLL 7 IoCs
Processes:
cl_pg_installer.exe
pid Process
2652 cl_pg_installer.exe
2652 cl_pg_installer.exe
2652 cl_pg_installer.exe
2652 cl_pg_installer.exe
2652 cl_pg_installer.exe
2652 cl_pg_installer.exe
2652 cl_pg_installer.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cl_pg_installer.exe
description pid Process procid_target
PID 1744 wrote to memory of 2652 1744 cl_pg_installer.exe 29
PID 1744 wrote to memory of 2652 1744 cl_pg_installer.exe 29
PID 1744 wrote to memory of 2652 1744 cl_pg_installer.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe"
- Suspicious use of WriteProcessMemory
PID:1744
  C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe"
  - Loads dropped DLL
  PID:2652
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
13KB
MD5 e36ac4af8b02564857edaa68e2bbe1c0
SHA1 b6b379261b5432b019b4182b7be50ae61c1fd06e
SHA256 4237c0d089329b605d5416dae4005e1c4808a284b51dbaafe07a4b2cc7fcfb00
SHA512 61a6b2cd08ee54765d9ec6d2d1ae1b898b40a718eee022c74300a1c640afc7bbb43e7269e3caf42703991507e354566aca6923ea9e32bb513f4a1504feff2e4a
-
Filesize
13KB
MD5 e8bdf021f69a63aa761ee231ace7efbe
SHA1 f1ba959f0c196748c9fd7a81f4b626075fd8afe9
SHA256 d0d8495562a6c8b7f6d68dcd9dbd096dc5b68a5f337b7fd0b1fea60014c25adb
SHA512 f16dfc423cfa60c11d215db3448b93c7f3b405f96002ba636068f51f2de1971b4ccd8b020fad1b761ab82e8692a80872668d0baf9a560ad012f30ae440d73c81
-
Filesize
15KB
MD5 7f1ee2e33c903c7ea23dc80a19d6ec3c
SHA1 5e533f79dd14268c42e426efb1d3c3d29106e47e
SHA256 2ae12476304e22e7f31c71398fcf0acb626a6b44b37a7f68b6357cd049567d2f
SHA512 266f0337c1ea2c39b6248c5db9b8f500dca7664c11e72abcf37b3e04b541ec8f7efa84d46980c0bf007cdc8df726703de5bb04bc7c62da4e99d354d7cb4cafaa
-
Filesize
13KB
MD5 92233d5f2057a6c99939e1549c8a63ab
SHA1 3e9a3b9e362025410d69458727462bb6338198f0
SHA256 6fe93c03cb84c7be2e8ef5c12f6c1595861c78edd1e099137f0c0866dc2fa5d0
SHA512 9aff968531a3cab229b3b5d216299149bf6ecf03086c5ddbe5a09ed52b62434ceffcf245be6306d7308e478acc5c445e1a6494491c0e8627818ec2472ce052fb
-
Filesize
13KB
MD5 49100ae18d47b3a944205adb0820ff90
SHA1 5ecd49104c4f5c15a4147bfee35c6b9ac1291d0f
SHA256 53ecaca6e272bb4b283013a76a23004f8fa5bc0340d171b764c2bbd856e26a1f
SHA512 899a5b3f1b9a93db634507bde71be8157acba6fac4af3d35d08fca598a7cf6dc5c5d16fa122493a0516c13a22466909165ff94ef99ec9f394cbf2f2ced7a82cc
-
Filesize
4.2MB
MD5 e9c0fbc99d19eeedad137557f4a0ab21
SHA1 8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf
SHA256 5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5
SHA512 74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b
-
Filesize
987KB
MD5 d40325e6c994228a3403f8ba8f24601f
SHA1 6266b5dc2001ffd75da3588dd7c43027a706589d
SHA256 a2ab58e44828009f6dafe54dd5ed57edfa6b09641e3c8eaa473b37e5b0e2b862
SHA512 59e712713d6492fa1b002da34bc9db82a85e19d13b694b77b57db1030681432c41705d56e9f75031ed9522d43a344d1475c745af7c8c92f70f7fc78e8b8895f9