2661ec0a0e9292c580ae663ffad6b19e860278dfa681af9e49db137819b9bd16 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

ARSoft.Tools.Net.dll

windows7-x64

1

ARSoft.Tools.Net.dll

windows10-2004-x64

1

BsSndRpt.exe

windows7-x64

1

BsSndRpt.exe

windows10-2004-x64

1

BugSplatDotNet.dll

windows7-x64

1

BugSplatDotNet.dll

windows10-2004-x64

1

BugSplatRc.dll

windows7-x64

1

BugSplatRc.dll

windows10-2004-x64

1

CyberGhost...on.dll

windows7-x64

1

CyberGhost...on.dll

windows10-2004-x64

1

CyberGhost...or.dll

windows7-x64

1

CyberGhost...or.dll

windows10-2004-x64

1

CyberGhost...ce.exe

windows7-x64

1

CyberGhost...ce.exe

windows10-2004-x64

1

CyberGhost...gs.dll

windows7-x64

1

CyberGhost...gs.dll

windows10-2004-x64

1

CyberGhost...es.dll

windows7-x64

1

CyberGhost...es.dll

windows10-2004-x64

1

CyberGhost.exe

windows7-x64

1

CyberGhost.exe

windows10-2004-x64

7

DE/CyberGh...es.dll

windows7-x64

1

DE/CyberGh...es.dll

windows10-2004-x64

1

DE/Lizenzvertrag.rtf

windows7-x64

4

DE/Lizenzvertrag.rtf

windows10-2004-x64

1

DE/OpenVPN...se.pdf

windows7-x64

1

DE/OpenVPN...se.pdf

windows10-2004-x64

1

Data/OpenV...32.dll

windows7-x64

1

Data/OpenV...32.dll

windows10-2004-x64

1

Data/OpenV...-2.dll

windows7-x64

3

Data/OpenV...-2.dll

windows10-2004-x64

3

Data/OpenV...-1.dll

windows7-x64

3

Data/OpenV...-1.dll

windows10-2004-x64

3

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:07

Sharing

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ARSoft.Tools.Net.dll

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ARSoft.Tools.Net.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

BsSndRpt.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

BsSndRpt.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

BugSplatDotNet.dll

Resource

win7-20240419-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

BugSplatDotNet.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

BugSplatRc.dll

Resource

win7-20240215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

BugSplatRc.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

CyberGhost.Communication.dll

Resource

win7-20240220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

CyberGhost.Communication.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

CyberGhost.RESTCommunicator.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

CyberGhost.RESTCommunicator.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

CyberGhost.Service.exe

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

CyberGhost.Service.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

CyberGhost.Settings.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

CyberGhost.Settings.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

CyberGhost.VPNServices.dll

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

CyberGhost.VPNServices.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

CyberGhost.exe

Resource

win7-20240220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

CyberGhost.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral21

Sample

DE/CyberGhost.resources.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

DE/CyberGhost.resources.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

DE/Lizenzvertrag.rtf

Resource

win7-20240221-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral24

Sample

DE/Lizenzvertrag.rtf

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral25

Sample

DE/OpenVPN-License.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

DE/OpenVPN-License.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral27

Sample

Data/OpenVPN/libeay32.dll

Resource

win7-20240508-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

Data/OpenVPN/libeay32.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

Data/OpenVPN/liblzo2-2.dll

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

Data/OpenVPN/liblzo2-2.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

Data/OpenVPN/libpkcs11-helper-1.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

Data/OpenVPN/libpkcs11-helper-1.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

CyberGhost.Service.exe
Size

233KB
MD5

6e0dbdb495e0529370b27baa27db6528
SHA1

778c4a29abffbffdc63840f68e9ced44eab2cbfe
SHA256

dfb23aa3f9277876ab70e594b6722d99dcebce32331cd80728e9a3fa1d4f09d6
SHA512

17eb55170a42c43e48ecd0248421340eea8177228764d0cf25f843c8f52ac454e3656f818f2d09b8e4866b13e79df9235b4bea0210dd4986b801dbb654a5631c
SSDEEP

6144:SSu58jcZL/sW+ZIAaZ6buyxwLnWWmWa/YRX4HoHD/0yIYqMiY+:1+BZLUW+ZIAaZ6buyxwLnWlWa/YRX4HT

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\CyberGhost.Service.exe
"C:\Users\Admin\AppData\Local\Temp\CyberGhost.Service.exe"
1⤵
PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3872-0-0x000001A067180000-0x000001A0671C0000-memory.dmp

Filesize
256KB

Download
memory/3872-1-0x00007FFE24A83000-0x00007FFE24A85000-memory.dmp

Filesize
8KB

Download
memory/3872-2-0x000001A067560000-0x000001A067566000-memory.dmp

Filesize
24KB

Download
memory/3872-3-0x000001A069630000-0x000001A06968C000-memory.dmp

Filesize
368KB

Download
memory/3872-4-0x000001A0675B0000-0x000001A0675CA000-memory.dmp

Filesize
104KB

Download
memory/3872-6-0x00007FFE24A80000-0x00007FFE25541000-memory.dmp

Filesize
10.8MB

Download
memory/3872-7-0x00007FFE24A80000-0x00007FFE25541000-memory.dmp

Filesize
10.8MB

Download

© 2018-2024

Terms | Privacy