Overview
Task | Platform | Score
overview | - | 9
static | - | 3
gpg.exe | windows7-x64 | 1
gpg.exe | windows10-2004-x64 | 1
gpgconf.exe | windows7-x64 | 1
gpgconf.exe | windows10-2004-x64 | 1
libassuan-0.dll | windows7-x64 | 3
libassuan-0.dll | windows10-2004-x64 | 3
libgcrypt-20.dll | windows7-x64 | 1
libgcrypt-20.dll | windows10-2004-x64 | 3
libgpg-error-0.dll | windows7-x64 | 1
libgpg-error-0.dll | windows10-2004-x64 | 1
libnpth-0.dll | windows7-x64 | 1
libnpth-0.dll | windows10-2004-x64 | 1
libsqlite3-0.dll | windows7-x64 | 3
libsqlite3-0.dll | windows10-2004-x64 | 3
trkop.vbs | windows7-x64 | 9
trkop.vbs | windows10-2004-x64 | 9
zapa.bat | windows7-x64 | 7
zapa.bat | windows10-2004-x64 | 1
zlib1.dll | windows7-x64 | 3
zlib1.dll | windows10-2004-x64 | 3
Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 24-05-2024 16:07
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | gpg.exe | win7-20240221-en
behavioral2 | gpg.exe | win10v2004-20240508-en
behavioral3 | gpgconf.exe | win7-20240221-en
behavioral4 | gpgconf.exe | win10v2004-20240508-en
behavioral5 | libassuan-0.dll | win7-20240221-en
behavioral6 | libassuan-0.dll | win10v2004-20240508-en
behavioral7 | libgcrypt-20.dll | win7-20240508-en
behavioral8 | libgcrypt-20.dll | win10v2004-20240508-en
behavioral9 | libgpg-error-0.dll | win7-20231129-en
behavioral10 | libgpg-error-0.dll | win10v2004-20240426-en
behavioral11 | libnpth-0.dll | win7-20240419-en
behavioral12 | libnpth-0.dll | win10v2004-20240508-en
behavioral13 | libsqlite3-0.dll | win7-20240220-en
behavioral14 | libsqlite3-0.dll | win10v2004-20240426-en
behavioral15 | trkop.vbs | win7-20240508-en
behavioral16 | trkop.vbs | win10v2004-20240426-en
behavioral17 | zapa.bat | win7-20240221-en
behavioral18 | zapa.bat | win10v2004-20240508-en
behavioral19 | zlib1.dll | win7-20240419-en
behavioral20 | zlib1.dll | win10v2004-20240508-en
General
Target: libnpth-0.dll
Size: 27KB
MD5: e132eccf9a1eac741c9e9806a143c475
SHA1: e5420ea0a935e32a6b4634756345aa3d2174cac5
SHA256: 30362bd4c6d7d2bf23f76b2d23a64dfdb79f3dd3f32478e6247d31cf1de78fc7
SHA512: 3ea415452dd3ee9d0571c3ecad32cac2f24895cfaf8756bb3543a9e193deb46edee8fd73c38b188b44dd296fabe7013d74dfd4ca02e3a4485f339e6c49a1ff05
SSDEEP: 384:S4Io6T8B6ShjRWuU4JfSZ1kUMqurUfc1ckt+w0WhGGdBAVXIZTmGiWmrzsgWlsAb:FRxYkUJE0WdBAVXIriDrzw/
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3020 wrote to memory of 2124 | 3020 | rundll32.exe | rundll32.exe
PID 3020 wrote to memory of 2124 | 3020 | rundll32.exe | rundll32.exe
PID 3020 wrote to memory of 2124 | 3020 | rundll32.exe | rundll32.exe
PID 3020 wrote to memory of 2124 | 3020 | rundll32.exe | rundll32.exe
PID 3020 wrote to memory of 2124 | 3020 | rundll32.exe | rundll32.exe
PID 3020 wrote to memory of 2124 | 3020 | rundll32.exe | rundll32.exe
PID 3020 wrote to memory of 2124 | 3020 | rundll32.exe | rundll32.exe