Overview

overview

7

Static

static

3

GRF Editor...er.exe

windows7-x64

7

GRF Editor...er.exe

windows10-2004-x64

7

GrfCL/Chan...on.bat

windows7-x64

1

GrfCL/Chan...on.bat

windows10-2004-x64

1

GrfCL/Chan...es.bat

windows7-x64

1

GrfCL/Chan...es.bat

windows10-2004-x64

1

GrfCL/Crea...Fs.bat

windows7-x64

1

GrfCL/Crea...Fs.bat

windows10-2004-x64

1

GrfCL/Disp...le.bat

windows7-x64

1

GrfCL/Disp...le.bat

windows10-2004-x64

1

GrfCL/Extr...er.bat

windows7-x64

1

GrfCL/Extr...er.bat

windows10-2004-x64

1

GrfCL/Extr...er.bat

windows7-x64

1

GrfCL/Extr...er.bat

windows10-2004-x64

1

GrfCL/GrfCL.exe

windows7-x64

1

GrfCL/GrfCL.exe

windows10-2004-x64

1

GrfCL/Make...es.bat

windows7-x64

1

GrfCL/Make...es.bat

windows10-2004-x64

1

GrfCL/Make...er.bat

windows7-x64

1

GrfCL/Make...er.bat

windows10-2004-x64

1

GrfCL/Make...es.bat

windows7-x64

7

GrfCL/Make...es.bat

windows10-2004-x64

7

GrfCL/Merg...er.bat

windows7-x64

1

GrfCL/Merg...er.bat

windows10-2004-x64

1

GrfCL/New ...RF.bat

windows7-x64

1

GrfCL/New ...RF.bat

windows10-2004-x64

1

GrfCL/Open...ll.bat

windows7-x64

1

GrfCL/Open...ll.bat

windows10-2004-x64

1

GrfCL/Rena...RF.bat

windows7-x64

1

GrfCL/Rena...RF.bat

windows10-2004-x64

1

GrfCL/Reso...ps.dll

windows7-x64

3

GrfCL/Reso...ps.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GrfCL/Make GIFs from ACT and SPR files.bat

  • Size

    216B

  • MD5

    96f11c7568a9cb91dbc8f59a5b1363d3

  • SHA1

    9be450d730292baca78ff52e2491d802204f75b4

  • SHA256

    a240e96ce366ace3b94d7b0a777ff0c84c11301380ce305c7abcb7fb250d5382

  • SHA512

    3d1445578df7009586e4534911a9694b3d602f8cfded0cb001845863f1b0f6174c6a0ed69381d68f198b8b3de6b50cb44fa38241a2ea3caffa55442f9b7124ae

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\GrfCL\Make GIFs from ACT and SPR files.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Users\Admin\AppData\Local\Temp\GrfCL\GrfCL.exe
      GrfCL.exe -breakOnExceptions true -gif myGifs *.act 1 /ignore=True -break
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2588-0-0x0000000000210000-0x00000000003F4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2588-1-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2588-3-0x0000000000870000-0x000000000088E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2588-2-0x00000000004E0000-0x00000000004E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2588-5-0x0000000004AA0000-0x0000000004BD2000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2588-6-0x0000000000890000-0x00000000008BA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2588-4-0x00000000007C0000-0x0000000000800000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2588-7-0x0000000000970000-0x0000000000978000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2588-8-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2588-9-0x00000000007C0000-0x0000000000800000-memory.dmp

    Filesize

    256KB

    Download