Analysis
- max time kernel: 122s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 21/05/2024, 22:43
Behavioral tasks (sample, resource)
- behavioral1: Text%20on%20gif/create_gif.bat, win7-20240419-en
- behavioral2: Text%20on%20gif/create_gif.bat, win10v2004-20240508-en
- behavioral3: Text%20on%20gif/frames/readme.md, win7-20240221-en
- behavioral4: Text%20on%20gif/frames/readme.md, win10v2004-20240426-en
- behavioral5: Text%20on%20gif/gifski.exe, win7-20240508-en
- behavioral6: Text%20on%20gif/gifski.exe, win10v2004-20240426-en
- behavioral7: Text%20on%20gif/logo.gif, win7-20240419-en
- behavioral8: Text%20on%20gif/logo.gif, win10v2004-20240226-en
- behavioral9: Text%20on%20gif/primordial.ttf, win7-20240221-en
- behavioral10: Text%20on%20gif/primordial.ttf, win10v2004-20240426-en
- behavioral11: Text%20on%20gif/readme.md, win7-20240221-en
- behavioral12: Text%20on%20gif/readme.md, win10v2004-20240426-en
- behavioral13: Text%20on%20gif/temp-frames/readme.md, win7-20240419-en
- behavioral14: Text%20on%20gif/temp-frames/readme.md, win10v2004-20240508-en
- behavioral15: Text%20on%20gif/text_to_gif.exe, win7-20240220-en
- behavioral16: Text%20on%20gif/text_to_gif.exe, win10v2004-20240508-en
- behavioral17: text_to_gif.pyc, win7-20240508-en
- behavioral18: text_to_gif.pyc, win10v2004-20240426-en
- behavioral19: Text%20on%20gif/text_to_gif.py, win7-20240508-en
- behavioral20: Text%20on%20gif/text_to_gif.py, win10v2004-20240508-en
- behavioral21: bane2.png, win7-20240215-en
- behavioral22: bane2.png, win10v2004-20240426-en
General
- Target: Text%20on%20gif/text_to_gif.exe
- Size: 10.9MB
- MD5: febe7172c9c619467603e18f34f5d6a8
- SHA1: 41398c0a759c5e8b5d3daff60d61bcb6463a875d
- SHA256: d3869682b9b53c2781e2b1ad9b610600ed25f390ce144d7212743896dcdab463
- SHA512: f3d52b01820d010a7e9e662bcb6192268f6630f89223da83724e7b3b6af792bfe81d01514d5c45de86ef9abda4171af2d947e343289cc8c22c2769708720d45c
- SSDEEP: 196608:AHOgSJR1FIPfXa6uWJysVYvsO5okRMPdXVJECGNQ2eQOTrX1iCE3SbbNI944utjT:kE1F8PGWJOokRCXVmrNtwQCE3SHiI5T
Malware Config
Signatures
- Loads dropped DLL (18 IoCs): pid 2508, process text_to_gif.exe (18 identical entries)
- Suspicious use of WriteProcessMemory (3 IoCs): PID 2208 (text_to_gif.exe) wrote to memory of PID 2508, procid_target 29 (3 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe, command line "C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe", PID 2208
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe, command line "C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe", PID 2508
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads