Analysis
-
max time kernel
13s -
max time network
15s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
31/03/2025, 05:49
General
-
Target
https://github.com/ColossusYTTV/GorillaTag-Account-Manager
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ColossusYTTV/GorillaTag-Account-Manager1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x30c,0x7ffe900bf208,0x7ffe900bf214,0x7ffe900bf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1932,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2616,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3352,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3360,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5080,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,2191271806652799613,9965919126166561870,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD577532bfc14c90e92c2c117f6625e41d1
SHA17ba952d5e18485d66976547fb8f47b2aaffeab80
SHA256587fe94912145359072577e01c7fe95e0fd4e6972e35f0a6a4d464382d8237f7
SHA5121b1b9ed2c3012cb6371b05681acf995a15feab32f0bc860bd4c441c1a1dcd8bd1a9fc7985fd10c16674ee7423a86c479a241dd5d1c843fb70962504db0eb82a2
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
15KB
MD5484602fd3442d44bc6d64b800f82e3cd
SHA192edf4ac96f835214b4904ab9c6d966dd876d8ed
SHA2564e4418c02cf24eea0f648dcaab3653cc2e0c59b1483a38067213138e26d8918d
SHA512293c7793f7cb69069d87b562244d3fb565d841cb3e880d371e73333e64e2bd52e45441670f476e6ba4b1d7947472bcb5ed7e9f066c70493bbb6fce5e8d63fbd6
-
Filesize
36KB
MD582f1c1743e37d30dd02792788759708f
SHA1a79c5f3a3e48679c577cbc01e65d4d30722c2d41
SHA2567edb7ba7e632e90ea6c300204a7184458726237065ddedccfb04214bf47b2977
SHA51290499b0b972c3e2620a8a7c83c58dcb52bdd4154785ebccebd203e605c2198a6a23eeacc2c65fe942ccc52010a6cb1b218f8b3ba5136cf88d00e966f5f18d2b5
-
Filesize
21KB
MD56f251aba292d937d0684f5b162b14422
SHA1c63bb1327bdf85668e05793d9d980aafa478dfdb
SHA256c18642de7cc413bafc676ac92b9aaa8ec173923405918ad7efce30471b6cb7bc
SHA5122bacf909ef64855b3990f53df938cf2e203a81fb77af214b636ed9932e410764d8050c56fa9c01e56b4136bc80249b95022311431d2f62ad60d97e28f600be38
-
Filesize
41KB
MD5fcac747fde8e856cd987c75fc0af0902
SHA1f4c2dd807dc5cd9ceb626ca8123ab86f4b194f62
SHA256eb9e9295022162ad334d225c0517de3102900513c6fa7c8996bfa5710f4a83e9
SHA5126a13fb7065f2c30919a7f42cd34de1445d5f40cd017c266cb891eb61ab828144cad1b52f1ad6cdbdae2b29412d8c0ad28573bc67c5f09b9ef6516188d1522df8
-
Filesize
41KB
MD545ceb33996fe2ddae5dcb2a5ce3b69e9
SHA1613a88b55ae878225346366c763d463bc9d1076f
SHA256536a0fdcf6e6aed3f9ee2061f8e0d402035455439838f255dec05f7ea00e6b39
SHA51295bfe160ab206b3b53f681a0f9897dec52579824bd0faf420fa64e8e92c540e2d2cb8c3897e2a951c017d0f2b866b6e48c2ce34e7961629242c343ff291fb58e
-
Filesize
2KB
MD5de5d4849aeb2a160800d569750305eac
SHA10e815970ca05255e3d90b39a208d488e802dbbba
SHA256dce27e7aa29ccb84572bf7c81b9d0a0f44a162a1e2ba80848a3581cbfbfd58bf
SHA5128a7edb45a90f9167af92ea911399fec34038f12682d5779e7710fabbed4c5ab4d4acb2fee97d79325041ad044674cbf620794424d8519116cda89d81b3086fa3