Analysis

- Max time kernel: 18s
- Max time network: 35s
- Platform: windows7_x64
- Resource: win7-20230220-en
- Resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- Submitted: 15-03-2023 16:07
Behavioral tasks (task: sample, resource)

- behavioral1: GDHM_TASBOT_v35.6/.GDHM/.GDHM_uninstall.bat, win7-20230220-en
- behavioral2: GDHM_TASBOT_v35.6/.GDHM/.GDHM_uninstall.bat, win10v2004-20230220-en
- behavioral3: GDHM_TASBOT_v35.6/.GDHM/tools/backup/msacm32.dll, win7-20230220-en
- behavioral4: GDHM_TASBOT_v35.6/.GDHM/tools/backup/msacm32.dll, win10v2004-20230221-en
- behavioral5: GDHM_TASBOT_v35.6/.GDHM/tools/backup/pthreadVCE2.dll, win7-20230220-en
- behavioral6: GDHM_TASBOT_v35.6/.GDHM/tools/backup/pthreadVCE2.dll, win10v2004-20230221-en
- behavioral7: GDHM_TASBOT_v35.6/RoastedMarshmellow.dll, win7-20230220-en
- behavioral8: GDHM_TASBOT_v35.6/RoastedMarshmellow.dll, win10v2004-20230220-en
- behavioral9: GDHM_TASBOT_v35.6/ToastedMarshmellow.dll, win7-20230220-en
- behavioral10: GDHM_TASBOT_v35.6/ToastedMarshmellow.dll, win10v2004-20230220-en
- behavioral11: GDHM_TASBOT_v35.6/chrome_elf.dll, win7-20230220-en
- behavioral12: GDHM_TASBOT_v35.6/chrome_elf.dll, win10v2004-20230220-en
- behavioral13: GDHM_TASBOT_v35.6/ffmpeg/ffmpeg.exe, win7-20230220-en
- behavioral14: GDHM_TASBOT_v35.6/ffmpeg/ffmpeg.exe, win10v2004-20230220-en
- behavioral15: GDHM_TASBOT_v35.6/libGLESv2.dll, win7-20230220-en
- behavioral16: GDHM_TASBOT_v35.6/libGLESv2.dll, win10v2004-20230220-en
- behavioral17: GDHM_TASBOT_v35.6/libcef.dll, win7-20230220-en
- behavioral18: GDHM_TASBOT_v35.6/libcef.dll, win10v2004-20230220-en
- behavioral19: GDHM_TASBOT_v35.6/locales/et.ps1, win7-20230220-en
- behavioral20: GDHM_TASBOT_v35.6/locales/et.ps1, win10v2004-20230220-en
- behavioral21: GDHM_TASBOT_v35.6/locales/ko.ps1, win7-20230220-en
- behavioral22: GDHM_TASBOT_v35.6/locales/ko.ps1, win10v2004-20230220-en
- behavioral23: GDHM_TASBOT_v35.6/locales/ms.ps1, win7-20230220-en
- behavioral24: GDHM_TASBOT_v35.6/locales/ms.ps1, win10v2004-20230220-en
- behavioral25: GDHM_TASBOT_v35.6/locales/zh-CN.ps1, win7-20230220-en
- behavioral26: GDHM_TASBOT_v35.6/locales/zh-CN.ps1, win10v2004-20230220-en
- behavioral27: GDHM_TASBOT_v35.6/msacm32.dll, win7-20230220-en
- behavioral28: GDHM_TASBOT_v35.6/msacm32.dll, win10v2004-20230220-en
General

- Target: GDHM_TASBOT_v35.6/.GDHM/tools/backup/msacm32.dll
- Size: 49KB
- MD5: b716117f2a7a40be7ee08581763d08a5
- SHA1: 18807ae8c24fbefb08dbc2392c9a7a3219e95778
- SHA256: 330018168f76437f51c21964c5c5f96193c655b586597ec599145c905389f88a
- SHA512: d5b4e6c745ae4075317c1288130dee6a39ef50ed7d57efa1592e31e573f9d56226ff8a43d6491249a9d272c6f25b17027a6f770347a7cb4c1f988d243d77f498
- SSDEEP: 768:zLSYj3GicWa/sxEF6rQ030shvY0YQW8Wn9muQo0UzN2hiV9J1Ss:3Sm6sxI6rQ7shwqWn9mNo0UzPR1S
Signatures

- Suspicious use of WriteProcessMemory (7 IoCs)

  Processes (description, pid, process, target process):

  PID 1792 wrote to memory of 932    1792    rundll32.exe    rundll32.exe
  PID 1792 wrote to memory of 932    1792    rundll32.exe    rundll32.exe
  PID 1792 wrote to memory of 932    1792    rundll32.exe    rundll32.exe
  PID 1792 wrote to memory of 932    1792    rundll32.exe    rundll32.exe
  PID 1792 wrote to memory of 932    1792    rundll32.exe    rundll32.exe
  PID 1792 wrote to memory of 932    1792    rundll32.exe    rundll32.exe
  PID 1792 wrote to memory of 932    1792    rundll32.exe    rundll32.exe
Processes

- C:\Windows\system32\rundll32.exe (PID 1792)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\GDHM_TASBOT_v35.6\.GDHM\tools\backup\msacm32.dll,#1
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe (PID 932)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\GDHM_TASBOT_v35.6\.GDHM\tools\backup\msacm32.dll,#1