Overview

overview

7

Static

static

7

GDHM_TASBO...ll.bat

windows7-x64

1

GDHM_TASBO...ll.bat

windows10-2004-x64

1

GDHM_TASBO...32.dll

windows7-x64

1

GDHM_TASBO...32.dll

windows10-2004-x64

1

GDHM_TASBO...E2.dll

windows7-x64

1

GDHM_TASBO...E2.dll

windows10-2004-x64

1

GDHM_TASBO...ow.dll

windows7-x64

7

GDHM_TASBO...ow.dll

windows10-2004-x64

7

GDHM_TASBO...ow.dll

windows7-x64

1

GDHM_TASBO...ow.dll

windows10-2004-x64

1

GDHM_TASBO...lf.dll

windows7-x64

1

GDHM_TASBO...lf.dll

windows10-2004-x64

1

GDHM_TASBO...eg.exe

windows7-x64

1

GDHM_TASBO...eg.exe

windows10-2004-x64

1

GDHM_TASBO...v2.dll

windows7-x64

3

GDHM_TASBO...v2.dll

windows10-2004-x64

3

GDHM_TASBO...ef.dll

windows7-x64

1

GDHM_TASBO...ef.dll

windows10-2004-x64

1

GDHM_TASBO...et.ps1

windows7-x64

1

GDHM_TASBO...et.ps1

windows10-2004-x64

1

GDHM_TASBO...ko.ps1

windows7-x64

1

GDHM_TASBO...ko.ps1

windows10-2004-x64

1

GDHM_TASBO...ms.ps1

windows7-x64

1

GDHM_TASBO...ms.ps1

windows10-2004-x64

1

GDHM_TASBO...CN.ps1

windows7-x64

1

GDHM_TASBO...CN.ps1

windows10-2004-x64

1

GDHM_TASBO...32.dll

windows7-x64

1

GDHM_TASBO...32.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2023, 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GDHM_TASBOT_v35.6/locales/et.ps1

  • Size

    365KB

  • MD5

    f053123bc4a671fe578a157fb2492085

  • SHA1

    0a24eea3611a919b2631c8c028d4eef866e6835f

  • SHA256

    2e092178532ea4c65c2524c09eb6d2a2cc0aa1f4bb18fcbf3ffa696b9b3df785

  • SHA512

    7cac44bb9b27b692b6469ddcbcef5a262f2a4ae2f25b6eb4eb6044c613cf0fdd7bc1c32f3fc983dc8bd7c0c11325ae84a670d2fc737b9a54064e3fbfae21d60b

  • SSDEEP

    6144:Pb1bXAyruOH+yzZpDM04jRy2zmJbT/RcLviLVG59j643ueLfTPQD:DZFruNyrDwuXG59jM

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\GDHM_TASBOT_v35.6\locales\et.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2320-5-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2320-4-0x000000001B270000-0x000000001B552000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2320-8-0x00000000025D0000-0x0000000002650000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2320-9-0x00000000025D0000-0x0000000002650000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2320-7-0x0000000002490000-0x0000000002498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2320-6-0x00000000025D0000-0x0000000002650000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2320-10-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2320-11-0x00000000025D0000-0x0000000002650000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2320-12-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download