c176d3a08dfacefce09335373c05cf4396b9ac7776eccee4daec6b9789efc5ae

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 19:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

gs-auto-clicker-3.1.4-installer_Y2-Sp11.exe
Size

1.7MB
MD5

6b285be047031c5eccd78a488a8a5628
SHA1

49f57e0c610daae95c35553e22cf814cd6e90efe
SHA256

c176d3a08dfacefce09335373c05cf4396b9ac7776eccee4daec6b9789efc5ae
SHA512

e069358595ed190163e22af97b41ea173a79595e8de6d2539290263e77a358ed58ef65157b113ad46ed4500202c3441fb5bc181cbde7adaa51c7795a8069d0ed
SSDEEP

24576:a7FUDowAyrTVE3U5F/HLpToNUF/56OcBPpiHVs5bTe9ME3+PI/HcQUsWTO3B2:aBuZrEUHqNU956OcBPas5e/OPIPIo3

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	20	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
2224	gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2224	1756	gs-auto-clicker-3.1.4-installer_Y2-Sp11.exe	84
PID 1756 wrote to memory of 2224	1756	gs-auto-clicker-3.1.4-installer_Y2-Sp11.exe	84
PID 1756 wrote to memory of 2224	1756	gs-auto-clicker-3.1.4-installer_Y2-Sp11.exe	84

C:\Users\Admin\AppData\Local\Temp\gs-auto-clicker-3.1.4-installer_Y2-Sp11.exe
"C:\Users\Admin\AppData\Local\Temp\gs-auto-clicker-3.1.4-installer_Y2-Sp11.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\is-BFHNA.tmp\gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BFHNA.tmp\gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp" /SL5="$401D8,837466,832512,C:\Users\Admin\AppData\Local\Temp\gs-auto-clicker-3.1.4-installer_Y2-Sp11.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3DNMT.tmp\mainlogo.jpg

Filesize
2KB

MD5
a208aee8dac080db754d78d4b2315342

SHA1
28f8c296d42f681fa4b362a6b7856b033795d7b2

SHA256
97dd1341d586e3a67dc32802522d2fe3a56fadcbfff50503ebc1ee6d76889011

SHA512
4f94cb622011b33627f50ee3402af76dd993826d7ffa3c1e837528d80f01768611bcc7af822ec3ca085f7db8441d335d554bf7aaaede133f56c914895764be18

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BFHNA.tmp\gs-auto-clicker-3.1.4-installer_Y2-Sp11.tmp

Filesize
1.1MB

MD5
8f07e4eeb9af3e4c6d8c2f539fdd4854

SHA1
63de0e3c1a6bd2d17b4f8c6d13982194126153fd

SHA256
df252e178ce2fb90f3359ed6d9598ff799f6bc4359ed35f463715dc9651f6bc0

SHA512
fa651d68fc1dba3dacab602add68d80164a95135ccd81aa7583705b004380901d011a64c4cf7d62676a97ac2de1c859e3be9c558d45200bd8e355966c0d0d9df

Download Submit
memory/1756-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1756-20-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2224-5-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/2224-18-0x0000000003610000-0x0000000003750000-memory.dmp

Filesize
1.2MB

Download
memory/2224-19-0x0000000003610000-0x0000000003750000-memory.dmp

Filesize
1.2MB

Download
memory/2224-21-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2224-24-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/2224-27-0x0000000003610000-0x0000000003750000-memory.dmp

Filesize
1.2MB

Download