Overview

overview

6

Static

static

1

gs-auto-cl...o2.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    294s
  • max time network
    283s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02-05-2024 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gs-auto-clicker-3.1.4-installer_kT-mCo2.exe

  • Size

    1.7MB

  • MD5

    7a925d2e6fbd0b222201d248770be07b

  • SHA1

    bec0a25875e578eb27a976d9c981cd3f4b3d415e

  • SHA256

    36c2f19f74e8768e03b6874f5f82a75120af2719f64d336ea1799fde43a49ee3

  • SHA512

    263aaa019d76b082daa7e0e9a9b675d5bac55a3da8f4ea95748b133dd2a6acade7557517923e8bf4c82a3654c36e346145c18b2c25bf5d571bf06a6e5701727c

  • SSDEEP

    49152:ABuZrEUWXT54VXhT4SROOXpzZR6GNGEt:ekLWX14VXmSHXpzn6+

Score
6/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gs-auto-clicker-3.1.4-installer_kT-mCo2.exe
    "C:\Users\Admin\AppData\Local\Temp\gs-auto-clicker-3.1.4-installer_kT-mCo2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Users\Admin\AppData\Local\Temp\is-5L29J.tmp\gs-auto-clicker-3.1.4-installer_kT-mCo2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5L29J.tmp\gs-auto-clicker-3.1.4-installer_kT-mCo2.tmp" /SL5="$40226,875199,832512,C:\Users\Admin\AppData\Local\Temp\gs-auto-clicker-3.1.4-installer_kT-mCo2.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4496
      • C:\Users\Admin\Downloads\gs-auto-clicker-3.1.4-installer.exe
        "C:\Users\Admin\Downloads\gs-auto-clicker-3.1.4-installer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5L29J.tmp\gs-auto-clicker-3.1.4-installer_kT-mCo2.tmp
    Filesize

    3.1MB

    MD5

    ed5949899720cc26bef697723bc83a96

    SHA1

    3b410a0e84e33d706a9f4d614d74bfbd0314815b

    SHA256

    f268e522dab9c491b9aa8dc47ab38860531c3f95694e174ceab1bf74deabcf50

    SHA512

    19090e875d19d9705eb23f445f3394d8bb1bf2066ecf848882d028efa100b93f62ffbc986ef355473f70c4f057f73c9da18de4579d15b2d55c9624c79c6a577a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-9KK9L.tmp\RAV_Cross.png
    Filesize

    56KB

    MD5

    4167c79312b27c8002cbeea023fe8cb5

    SHA1

    fda8a34c9eba906993a336d01557801a68ac6681

    SHA256

    c3bf350627b842bed55e6a72ab53da15719b4f33c267a6a132cb99ff6afe3cd8

    SHA512

    4815746e5e30cbef626228601f957d993752a3d45130feeda335690b7d21ed3d6d6a6dc0ad68a1d5ba584b05791053a4fc7e9ac7b64abd47feaa8d3b919353bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-9KK9L.tmp\botva2.dll
    Filesize

    37KB

    MD5

    67965a5957a61867d661f05ae1f4773e

    SHA1

    f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

    SHA256

    450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

    SHA512

    c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-9KK9L.tmp\mainlogo.jpg
    Filesize

    2KB

    MD5

    a208aee8dac080db754d78d4b2315342

    SHA1

    28f8c296d42f681fa4b362a6b7856b033795d7b2

    SHA256

    97dd1341d586e3a67dc32802522d2fe3a56fadcbfff50503ebc1ee6d76889011

    SHA512

    4f94cb622011b33627f50ee3402af76dd993826d7ffa3c1e837528d80f01768611bcc7af822ec3ca085f7db8441d335d554bf7aaaede133f56c914895764be18

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-9KK9L.tmp\v_in_black_circle.png
    Filesize

    1KB

    MD5

    31eb10bb3b18e8aeed132ce3f9ccc267

    SHA1

    88b5e74a593c523206a588fc1a9d1bc1f3021915

    SHA256

    b64f4684beb5dabe885298a64a82c2182e8cb86c755cba162fc3916d3fb68437

    SHA512

    f5b7c89027b68783a6fc9101c1c4554b5c15d48b9d2ababfdfe5fb3e35777f43631776ee39ce951f9aad0c41ebb1fa0bbd4dfe1b2f81179ef5af55cccdd541e9

    Download Submit

  • C:\Users\Admin\Downloads\gs-auto-clicker-3.1.4-installer.exe
    Filesize

    846KB

    MD5

    6862f65be14fd3ce88086ec79777db6e

    SHA1

    7f0eb7535b59a926446a400ff93f48165b58ac95

    SHA256

    7c90795c9b28fac978386626f5a54033dc9cba46ef6a3f742fc7d52b394590f2

    SHA512

    d04700ca41bd2076ecb7b9028ba16738de479b3113efea0c86613f354e977f9b4dff6dbd8c06fcc4536be0585cff7f0e2636a2a6789373efad7788a7559bab04

    Download Submit

  • memory/4496-8-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4496-78-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4496-129-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4496-57-0x0000000004D50000-0x0000000004D5F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4496-56-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4496-98-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4496-79-0x0000000004D50000-0x0000000004D5F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4496-49-0x0000000004D50000-0x0000000004D5F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4496-81-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4496-6-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4496-99-0x0000000004D50000-0x0000000004D5F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5012-0-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/5012-7-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/5012-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/5012-131-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download