Overview
overview
7Static
static
7Gccg/Check...ed.bat
windows7-x64
7Gccg/Check...ed.bat
windows10-2004-x64
7Gccg/Insta...ds.bat
windows7-x64
7Gccg/Insta...ds.bat
windows10-2004-x64
7Gccg/Install LOTR.bat
windows7-x64
7Gccg/Install LOTR.bat
windows10-2004-x64
7Gccg/Insta...ch.bat
windows7-x64
1Gccg/Insta...ch.bat
windows10-2004-x64
1Gccg/Insta...ds.bat
windows7-x64
7Gccg/Insta...ds.bat
windows10-2004-x64
7Gccg/Insta...ch.bat
windows7-x64
1Gccg/Insta...ch.bat
windows10-2004-x64
1Gccg/Install METW.bat
windows7-x64
7Gccg/Install METW.bat
windows10-2004-x64
7Gccg/Insta...ds.bat
windows7-x64
7Gccg/Insta...ds.bat
windows10-2004-x64
7Gccg/Install MTG.bat
windows7-x64
7Gccg/Install MTG.bat
windows10-2004-x64
7Gccg/Insta...ds.bat
windows7-x64
7Gccg/Insta...ds.bat
windows10-2004-x64
7Gccg/Insta...on.bat
windows7-x64
7Gccg/Insta...on.bat
windows10-2004-x64
7Gccg/Insta...ce.bat
windows7-x64
7Gccg/Insta...ce.bat
windows10-2004-x64
7Gccg/Install.bat
windows7-x64
7Gccg/Install.bat
windows10-2004-x64
7Gccg/Metw_deu.bat
windows7-x64
1Gccg/Metw_deu.bat
windows10-2004-x64
1Gccg/Updat...ng.bat
windows7-x64
1Gccg/Updat...ng.bat
windows10-2004-x64
1Gccg/chmod.exe
windows7-x64
1Gccg/chmod.exe
windows10-2004-x64
1Analysis
-
max time kernel
142s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
07-11-2023 13:51
Behavioral task
behavioral1
Sample
Gccg/Check Installed.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral2
Sample
Gccg/Check Installed.bat
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Gccg/Install LOTR Cards.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral4
Sample
Gccg/Install LOTR Cards.bat
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Gccg/Install LOTR.bat
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral6
Sample
Gccg/Install LOTR.bat
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Gccg/Install METW Cards deutsch.bat
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral8
Sample
Gccg/Install METW Cards deutsch.bat
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Gccg/Install METW Cards.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral10
Sample
Gccg/Install METW Cards.bat
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Gccg/Install METW deutsch.bat
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral12
Sample
Gccg/Install METW deutsch.bat
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Gccg/Install METW.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral14
Sample
Gccg/Install METW.bat
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Gccg/Install MTG Cards.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral16
Sample
Gccg/Install MTG Cards.bat
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Gccg/Install MTG.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral18
Sample
Gccg/Install MTG.bat
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Gccg/Install Pokemon Cards.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral20
Sample
Gccg/Install Pokemon Cards.bat
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Gccg/Install Pokemon.bat
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral22
Sample
Gccg/Install Pokemon.bat
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Gccg/Install Source.bat
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral24
Sample
Gccg/Install Source.bat
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Gccg/Install.bat
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral26
Sample
Gccg/Install.bat
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Gccg/Metw_deu.bat
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral28
Sample
Gccg/Metw_deu.bat
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Gccg/Update Everything.bat
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral30
Sample
Gccg/Update Everything.bat
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Gccg/chmod.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral32
Sample
Gccg/chmod.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
General
-
Target
Gccg/Install MTG Cards.bat
-
Size
97B
-
MD5
6fdcff22d464860d76bcbf91c6ea552d
-
SHA1
e762d26a74d75cf02f3e8fc02ea63634099255b4
-
SHA256
26dd98120cc3806dbe24a22db74a166f801023325e9b028c9e84119dd7ec6a22
-
SHA512
cd7fc565d8ea400cbbe74e00e5fc55ce71767501b9b65dfd12e5af3d34ae3d44476b5a516e21b78a5887a1bee3f34289ef3e2eb6b71cfa78482d3f23417c968e
Malware Config
Signatures
-
resource yara_rule behavioral16/memory/2068-0-0x0000000000400000-0x000000000049C000-memory.dmp upx behavioral16/memory/2068-1-0x0000000000400000-0x000000000049C000-memory.dmp upx behavioral16/memory/2744-2-0x0000000000400000-0x000000000049C000-memory.dmp upx behavioral16/memory/2744-3-0x0000000000400000-0x000000000049C000-memory.dmp upx behavioral16/memory/4416-4-0x0000000000400000-0x000000000049C000-memory.dmp upx behavioral16/memory/2112-5-0x0000000000400000-0x000000000049C000-memory.dmp upx behavioral16/memory/2568-6-0x0000000000400000-0x000000000049C000-memory.dmp upx -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2068 wget.exe 2068 wget.exe 2744 wget.exe 2744 wget.exe 4416 wget.exe 4416 wget.exe 2112 wget.exe 2112 wget.exe 2568 wget.exe 2568 wget.exe -
Suspicious use of WriteProcessMemory 18 IoCs
description pid Process procid_target PID 3788 wrote to memory of 3464 3788 cmd.exe 87 PID 3788 wrote to memory of 3464 3788 cmd.exe 87 PID 3788 wrote to memory of 3464 3788 cmd.exe 87 PID 3464 wrote to memory of 2068 3464 perl.exe 88 PID 3464 wrote to memory of 2068 3464 perl.exe 88 PID 3464 wrote to memory of 2068 3464 perl.exe 88 PID 3464 wrote to memory of 2744 3464 perl.exe 89 PID 3464 wrote to memory of 2744 3464 perl.exe 89 PID 3464 wrote to memory of 2744 3464 perl.exe 89 PID 3464 wrote to memory of 4416 3464 perl.exe 90 PID 3464 wrote to memory of 4416 3464 perl.exe 90 PID 3464 wrote to memory of 4416 3464 perl.exe 90 PID 3464 wrote to memory of 2112 3464 perl.exe 92 PID 3464 wrote to memory of 2112 3464 perl.exe 92 PID 3464 wrote to memory of 2112 3464 perl.exe 92 PID 3464 wrote to memory of 2568 3464 perl.exe 94 PID 3464 wrote to memory of 2568 3464 perl.exe 94 PID 3464 wrote to memory of 2568 3464 perl.exe 94
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Gccg\Install MTG Cards.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:3788 -
C:\Users\Admin\AppData\Local\Temp\Gccg\perl.exeperl gccg_package install core client fonts-windows windows32 mtg mtg-cards-*2⤵
- Suspicious use of WriteProcessMemory
PID:3464 -
C:\Users\Admin\AppData\Local\Temp\Gccg\wget.exewget -t 0 http://gccg.sourceforge.net/modules/available.xml3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2068
-
-
C:\Users\Admin\AppData\Local\Temp\Gccg\wget.exewget -t 0 http://www.derangedmonkey.com/bmin/available.xml3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2744
-
-
C:\Users\Admin\AppData\Local\Temp\Gccg\wget.exewget -t 0 http://www.reneploetz.de/gccg/available.xml3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4416
-
-
C:\Users\Admin\AppData\Local\Temp\Gccg\wget.exewget -t 0 http://lotrtcgdb.com/files/gccg/available.xml3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2112
-
-
C:\Users\Admin\AppData\Local\Temp\Gccg\wget.exewget -t 0 http://whiterose.net/~wlk/gccg/available.xml3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2568
-
-