Overview

overview

8

Static

static

gbagcchq.dll

windows7_x64

8

gbagcchq.dll

windows10-2004_x64

8

Analysis

  • max time kernel
    141s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-05-2022 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gbagcchq.dll

  • Size

    348KB

  • MD5

    dca3f0a3eecf16ac4b72615d712112e9

  • SHA1

    909870e8ea76626fbe13e2c960560c2a165bd102

  • SHA256

    b5abacf24ae5aa96016c09f71a78d0121fff396d6154740eab622c4751e1764f

  • SHA512

    4bb8558e76f78b1078526952420789552930119fff8a8163d86e809186bcc7f2d2b78ee1475bc2d143648a1e890da841f0dd24704a3a1b93783b686cd95dd510

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\gbagcchq.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4636
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\gbagcchq.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1812-131-0x00000000007D0000-0x00000000007F1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1812-132-0x0000000010000000-0x000000001005C000-memory.dmp

    Filesize

    368KB

    Download