Resubmissions

11/04/2024, 05:25

240411-f4bm4agc8t 10

11/04/2024, 01:54

240411-cbjw8acd6x 10

Analysis

  • max time kernel
    160s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/04/2024, 05:25

General

  • Target

    gemme ya booty/c.sh

  • Size

    996B

  • MD5

    0a746666a3c70b422673c91741cfbcbd

  • SHA1

    3f946cc6aa0ef42705c6e52c697aa6908ed3e0c0

  • SHA256

    691740332f2f6663cb2a7b774077317dedf6fc9921ee215209d4dd8f3247abad

  • SHA512

    71c8af30d205978b3847d6c149601d2d51d83b6945156017186335e28ca3114d75053f4d156a0c9a6add1a2ce132e2c96b38e671ff00665bde34d558a68259b1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\gemme ya booty\c.sh"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\gemme ya booty\c.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\gemme ya booty\c.sh"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1964

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    0c3c510c8b6f5a0695b1d02f88a35728

    SHA1

    a27dd4a02e69d667d2f6db989d409ff6c617dc41

    SHA256

    0fa52564bfdf01379f30f2e9dfdd1f5e07879a9984c422968a6a6e29d8500802

    SHA512

    28d5d4ebc4f03e580ad5b888d9bbbe933109c1c208c23675c6c93a0a1db8c65e602befb9cfe2bd2eabd0d4e5bd43313ed8495f32df4ab47583a0df9f172ff11b