Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
08-08-2024 20:06
General
-
Target
GetGoDMWebInstaller.exe
-
Size
1.2MB
-
MD5
aed283d0b46486c01632fb3084b38d3b
-
SHA1
78d8fe507340ffc7fc61924b91410bb8dc08e327
-
SHA256
b738c41b8edaed371228bc720f93e0ae5948084e62738dbd2f7d5de2ddfe2a3b
-
SHA512
463a1851fb5c87261cd3f72e7154fd31461166d12e7b482cf651bd800cc1662555b18e38962f7678796a2f4198654571fbded5e3e061f4695861b4cce1033346
-
SSDEEP
24576:6UUfyV/OwlPEZTHBGR3JXlxXnr4s8cdckgrD+XWNW8LQSK:68/rlPEhURZVF4sDxgr08PLK
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\GetGoDMWebInstaller.exe"C:\Users\Admin\AppData\Local\Temp\GetGoDMWebInstaller.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\GetGoWIClient.exeC:\Users\Admin\AppData\Local\Temp\GetGoWIClient.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\GetGo Download Manager.exe"C:\Users\Admin\AppData\Local\Temp\GetGo Download Manager.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Cancel_D.jpgFilesize
1KB
MD55ba37131ef857b73b5c96974f48b19b6
SHA1144b6773ca268ef3c4b244e6869378e89d92d1e6
SHA256603fc391e5d1ab42cd5f90f97387c5f826884b4ae172d2440211ce9cb97bed86
SHA5122abcf072f63755ee1ae0e45d44a1d210ca6e03d6fab9127dc3ac89a349f579a322e20dd1173fe4c24d9a7000215248b8021a393f7075aba6b74904cd68eb2dd4
-
C:\Users\Admin\AppData\Local\Temp\Cancel_H.jpgFilesize
1KB
MD5435e6ac835b79a7605a41170b6edb4fe
SHA10b9c06cc9cb6dcbdb81f74a8fdb8e45a942f6590
SHA25650cb841c6b29c908b918e776cf06f958fd3786c4d0263a75a3d88f367a415ed0
SHA5122ed313d0dc2f3ac14e41049c096e43e79ead41ff4bd5e5b3d6e8855db9ccc754fe5c9981f0322849cffa8fc1a320ed3e527ee68632aaafe692038c2a5f7ad83b
-
C:\Users\Admin\AppData\Local\Temp\Cancel_N.jpgFilesize
1KB
MD5edaab1e4e632fec8ec1c5ca10ee2999b
SHA15d5ae7d2ea7050e1e59dd0e4c8cb8354f8e111c9
SHA2561a29fa4258e422ec0bcd61f717f576fcbfa0ed8aa8da68ae3e5e858e2b74f915
SHA5124b2c7a4df4ddaa3256b8217839ec17acb031772ccb87cb5163689a6c5be63ea08ed40f950ba53a9dadc09346ac861164a5bb1685f79978d5ddd4dc1e8025bfbe
-
C:\Users\Admin\AppData\Local\Temp\CheckD.jpgFilesize
882B
MD5641fece5fca722326fafecc9b4c4ac9f
SHA11c70afba5278264122006fe90d23bb661b62ff81
SHA256ce2fb82b4c8764966b2ffcaa55aff40d9348c17730eda1cec8c671db786d9775
SHA512141e7ea455738ecb6930e7c0c40f443e0e593b7dcbd2e8cccdeaa8753c6eaa02dc0261683220d5101722543674aed393bf0ed1220c6e3a11a728c2f4cb587969
-
C:\Users\Admin\AppData\Local\Temp\Close_H.jpgFilesize
969B
MD5bfe21fe40e26676e101c4452df80aa4e
SHA13a3c8a9050ad940dfb3aa8029371ef5196397d2e
SHA256262620de5619ab5000bb248c47001ae6daa117d5d26d3bd0743d35798bcf6f16
SHA512dad4ec8f89b1936b4c9c4c16eef527ead061fcf653cb3eaa88a2e6fc240872e1f95b66491aa1c967f3e1406f39b5c321d9fd4ab5c7dd0bba3468b41a58c721cf
-
C:\Users\Admin\AppData\Local\Temp\Close_N.jpgFilesize
965B
MD53108beb9806d74cae4f0f43f9539beee
SHA124f31ba6779e1bdfdaf80413dd77d6122a10a838
SHA25668b82c4d13aa96c19342fe36c118fa2c94a813a49b8d5915fb4253230afa082d
SHA5129358f752fd53dd5d2b5970defd43d3c36f238dce1f79388e69d9fb37bff7c3b00bff538aef9dbb5e72171592da0831048787cb25e138b3a95eaa28e688f4b337
-
C:\Users\Admin\AppData\Local\Temp\GetGoWebInstaller.xmlFilesize
2KB
MD5c6a71d2a5027b3585bc79f2f0988af0a
SHA1e33059c3f8feec22c443e38c5e0dde5ed334503f
SHA25655a3531de1213474ea73b1b9e45dde783d05c8f948057ed4b5a2b590742132da
SHA5125101f460f32ede2f2e2e924d0ca0c1cedecc33c3f1b1a4dc15fd76217b9c1d495c63b6b42d2f4a5b986d349db60488473cd1c8af8f6cf8b95adb51e9a9c24b9d
-
C:\Users\Admin\AppData\Local\Temp\GetGoWebInstallerString.iniFilesize
2KB
MD5c4d265ce2577f49e9d9d28db6370ac6d
SHA171866f579d6ba26f488ee6761b29577725582fa1
SHA256d3d08c8f634bbfc68f418eb85ec19d7092cbe3e5a0246445d50835b344c27fce
SHA51219e9d1a1c62d3f3f780dbbe492233b3e1ab6e19293f02155ca9fd32766558fb226296f7238e9626408aa7a81cb7e563ca901480b150e76080c5f57294a95d16f
-
C:\Users\Admin\AppData\Local\Temp\MainWndBkg.jpgFilesize
51KB
MD54c87798f5288521e51a1b25419897f5d
SHA181bf149608d57457472bc6d8b18efb6271698420
SHA2569bd5b11d5353950338a5566120123821b6c756f682078b21421826dd851ddd60
SHA512bedbd54045123868aa850fc03d5fc76c47c666be35c97943b0d90cfd41bdd4e84c18b661fbdfbf7cd4d6ad245e3f3fb466b9271de473628acae5f5621000a37c
-
C:\Users\Admin\AppData\Local\Temp\Min_H.jpgFilesize
843B
MD5841f5cc38c501878915b873f6f6eb1af
SHA18735867741a300d037c8360bd02e3fd338a619d8
SHA2568641fbe5c60480bf22541c7478f483b89ee655bcc2190f5c270fcc436fa9606b
SHA512c90c13cb61105b90a7f5e932907a7563b8e649e9362a71541bc9dd887ee553a03cea188f20a593def6ef49602f7cf936d6c20e1ddb69a0cdaba087b231936b8a
-
C:\Users\Admin\AppData\Local\Temp\Min_N.jpgFilesize
747B
MD538ad1e24897436fedaebdcb25c2b5bb8
SHA1ea87f8bf916ca84953eb16ae3d5898212faba367
SHA2561067c0de3d7e44141ff69e4d5d362276e198bb1f6f6abb8a01421c37b5c2fb08
SHA5124a691a8838b007500b017278dfedb44b900c93cf9bbd80fe92711919199d4805340a36e11498118fcf8562249d75ab68fa5a27faaab7a7fb0ac62d4958a55623
-
C:\Users\Admin\AppData\Local\Temp\StatusBkg.jpgFilesize
1KB
MD5cf3b67a1cc45d9d414371d4a610aa628
SHA1c432c8705f20e91fbe918c4731a223df6da1f942
SHA25613b703a6440319512d7c6177709773020811252e1383102085cad3660255892d
SHA512d373d9bddd3f9cd58e61ae302fc55c5e7dfc532220d35ba83e630c99075d26bfdfb686bc1fb7b47087009ec383d3f5d721f6642b66774708ac4c65beb7b9ad6a
-
\Users\Admin\AppData\Local\Temp\GetGo Download Manager.exeFilesize
4.7MB
MD5cf3a289d668f965214e31797daac45bb
SHA106ed421cb895d294ecc0ad55dcda5718f3eccc92
SHA256ad64fa0d426a895455755c76f3f8898bb5dea2bb13e9e65b9989b32d8fb3b05e
SHA5128744efec82bf7beb92fd4acf3726bddde518929096ced0ae1328cc589623ca1ee7758b44ecee4678434072ba216b33f9528131501aa13b1452b6d340037f34db
-
\Users\Admin\AppData\Local\Temp\GetGoWIClient.exeFilesize
2.3MB
MD5fde1847d72ceccceea496380cd878b4c
SHA163defcfc407ec98a304ff0bdcb59bd592cb8bdc6
SHA256b39ecd94f3e37e4c85471f40690c4570cdc8b8d317dfff8e596b3b352a7a5730
SHA5121cd5c67ea0411d80069906116b0589645aa33f9824489c10d89509693534998c29a4b6ad556c64c3eade99a72a6ed7ecd0d64dd896bdc7cc7414af4dc151d3c9
-
\Users\Admin\AppData\Local\Temp\nso9262.tmp\AdvSplash.dllFilesize
6KB
MD513cc92f90a299f5b2b2f795d0d2e47dc
SHA1aa69ead8520876d232c6ed96021a4825e79f542f
SHA256eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb
SHA512ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3
-
\Users\Admin\AppData\Local\Temp\nso9262.tmp\System.dllFilesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
\Users\Admin\AppData\Local\Temp\nso9262.tmp\nsDialogs.dllFilesize
9KB
MD5c10e04dd4ad4277d5adc951bb331c777
SHA1b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
SHA256e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
SHA512853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
