Overview

overview

10

Static

static

7

gemme ya b...01.exe

windows7-x64

8

gemme ya b...01.exe

windows10-2004-x64

8

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$R9/NsCpuC...32.exe

windows7-x64

7

$R9/NsCpuC...32.exe

windows10-2004-x64

7

$R9/NsCpuC...64.exe

windows7-x64

7

$R9/NsCpuC...64.exe

windows10-2004-x64

7

$R9/Plugin...os.dll

windows7-x64

3

$R9/Plugin...os.dll

windows10-2004-x64

3

$R9/Plugins/inetc.dll

windows7-x64

3

$R9/Plugins/inetc.dll

windows10-2004-x64

3

info.vbe

windows7-x64

8

info.vbe

windows10-2004-x64

8

$R9/Plugins/tftp.exe

windows7-x64

8

$R9/Plugins/tftp.exe

windows10-2004-x64

10

$R9/Stubs/bzip2.exe

windows7-x64

3

$R9/Stubs/bzip2.exe

windows10-2004-x64

3

$R9/Stubs/...id.exe

windows7-x64

3

$R9/Stubs/...id.exe

windows10-2004-x64

3

$R9/Stubs/lzma.exe

windows7-x64

3

$R9/Stubs/lzma.exe

windows10-2004-x64

3

$R9/Stubs/zlib.exe

windows7-x64

3

$R9/Stubs/zlib.exe

windows10-2004-x64

3

$R9/makensis.exe

windows7-x64

1

$R9/makensis.exe

windows10-2004-x64

1

$TEMP/tftp.exe

windows7-x64

10

$TEMP/tftp.exe

windows10-2004-x64

10

gemme ya booty/c.sh

windows7-x64

3

gemme ya booty/c.sh

windows10-2004-x64

3

Resubmissions

11/04/2024, 05:25

240411-f4bm4agc8t 10

11/04/2024, 01:54

240411-cbjw8acd6x 10

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2024, 05:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gemme ya booty/c.sh

  • Size

    996B

  • MD5

    0a746666a3c70b422673c91741cfbcbd

  • SHA1

    3f946cc6aa0ef42705c6e52c697aa6908ed3e0c0

  • SHA256

    691740332f2f6663cb2a7b774077317dedf6fc9921ee215209d4dd8f3247abad

  • SHA512

    71c8af30d205978b3847d6c149601d2d51d83b6945156017186335e28ca3114d75053f4d156a0c9a6add1a2ce132e2c96b38e671ff00665bde34d558a68259b1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\gemme ya booty\c.sh"
    1⤵
    • Modifies registry class
    PID:1148
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads