Overview

overview

7

Static

static

5

4500b5e270...18.exe

windows7-x64

7

4500b5e270...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDIR/nsis.exe

windows7-x64

5

$PLUGINSDIR/nsis.exe

windows10-2004-x64

5

GinoPlayer.exe

windows7-x64

6

GinoPlayer.exe

windows10-2004-x64

6

Interop.WMPLib.dll

windows7-x64

1

Interop.WMPLib.dll

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

launcher.exe

windows7-x64

3

launcher.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-10-2024 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GinoPlayer.exe

  • Size

    230KB

  • MD5

    c82bba9c6fb9d1bf2ec4e114d8456844

  • SHA1

    f1d9856b01626ef8b84a70f50df13be6b2ce4823

  • SHA256

    69a75ecbd4db1dde170e23e4c227d62269346244c1861bdfb41b9da358d89ef1

  • SHA512

    ee49770382d0b2ee9647fd8d4e91dfc98bf69522bca08cbc9c1a6e0a4900ca24f29111bb3a220895c07cccbe80b9a871a2bcbcc0e5ea72502dd28c37ffeaf1ef

  • SSDEEP

    3072:ZX3Bhg694tjSg694tdHoPgR4PKmAsFTmIeBOtYAVoHhDL0ad/dl+rozWlyf/tVzV:c5+PU4JjyONVoHhDL0ad/dl+Tyf/n4

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GinoPlayer.exe
    "C:\Users\Admin\AppData\Local\Temp\GinoPlayer.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 2460
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:4044
  • C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    1⤵
      PID:1844

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • memory/1844-10-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1844-38-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1844-12-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1844-11-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1844-8-0x0000000001290000-0x00000000012B0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1844-9-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2112-6-0x000000001D720000-0x000000001D7C6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/2112-25-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2112-0-0x00007FFF96D05000-0x00007FFF96D06000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-5-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2112-4-0x000000001C720000-0x000000001CAF4000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2112-3-0x000000001C1E0000-0x000000001C316000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2112-13-0x000000001DCE0000-0x000000001DD7C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2112-14-0x000000001DD80000-0x000000001DDCA000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2112-1-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2112-7-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2112-26-0x0000000020170000-0x00000000201A4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2112-27-0x000000001CB80000-0x000000001CB8E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2112-28-0x000000001D1D0000-0x000000001D1EC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2112-29-0x00007FFF96D05000-0x00007FFF96D06000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-30-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2112-37-0x00007FFF96A50000-0x00007FFF973F1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2112-2-0x000000001BB90000-0x000000001C09E000-memory.dmp

      Filesize

      5.1MB

      Download