Overview | overview | 9
Static | static | 3
gpg.exe | windows7-x64 | 1
gpg.exe | windows10-2004-x64 | 1
gpgconf.exe | windows7-x64 | 1
gpgconf.exe | windows10-2004-x64 | 1
libassuan-0.dll | windows7-x64 | 3
libassuan-0.dll | windows10-2004-x64 | 3
libgcrypt-20.dll | windows7-x64 | 1
libgcrypt-20.dll | windows10-2004-x64 | 3
libgpg-error-0.dll | windows7-x64 | 1
libgpg-error-0.dll | windows10-2004-x64 | 1
libnpth-0.dll | windows7-x64 | 1
libnpth-0.dll | windows10-2004-x64 | 1
libsqlite3-0.dll | windows7-x64 | 3
libsqlite3-0.dll | windows10-2004-x64 | 3
trkop.vbs | windows7-x64 | 9
trkop.vbs | windows10-2004-x64 | 9
zapa.bat | windows7-x64 | 7
zapa.bat | windows10-2004-x64 | 1
zlib1.dll | windows7-x64 | 3
zlib1.dll | windows10-2004-x64 | 3
Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 24-05-2024 16:07
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | gpg.exe | win7-20240221-en
behavioral2 | gpg.exe | win10v2004-20240508-en
behavioral3 | gpgconf.exe | win7-20240221-en
behavioral4 | gpgconf.exe | win10v2004-20240508-en
behavioral5 | libassuan-0.dll | win7-20240221-en
behavioral6 | libassuan-0.dll | win10v2004-20240508-en
behavioral7 | libgcrypt-20.dll | win7-20240508-en
behavioral8 | libgcrypt-20.dll | win10v2004-20240508-en
behavioral9 | libgpg-error-0.dll | win7-20231129-en
behavioral10 | libgpg-error-0.dll | win10v2004-20240426-en
behavioral11 | libnpth-0.dll | win7-20240419-en
behavioral12 | libnpth-0.dll | win10v2004-20240508-en
behavioral13 | libsqlite3-0.dll | win7-20240220-en
behavioral14 | libsqlite3-0.dll | win10v2004-20240426-en
behavioral15 | trkop.vbs | win7-20240508-en
behavioral16 | trkop.vbs | win10v2004-20240426-en
behavioral17 | zapa.bat | win7-20240221-en
behavioral18 | zapa.bat | win10v2004-20240508-en
behavioral19 | zlib1.dll | win7-20240419-en
behavioral20 | zlib1.dll | win10v2004-20240508-en
General
Target: libgcrypt-20.dll
Size: 979KB
MD5: e7f12f3680f5150e29994a500d7c022f
SHA1: b0021e21d16c0dd5fcd7e067d828e7372d164873
SHA256: 9f2862f520943aff5a1825a0fb92a4e98757dabe557c89e92cb24d0523905df4
SHA512: d7cd75ee6a7d16a6a16eff446ccecd60ed531903ddacae10081835f803ba69c9ed10cbcb2e17e262960e156b407b844cba3c5890a56f633c0b84d5e0ff005e62
SSDEEP: 12288:PdETpCAy8RMKOsF0zIcG8GxEruMWkVyc25lPSd/uCf:1AQlsOzIcGJuruMWrc2XPSdt
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 328 wrote to memory of 2476 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 2476 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 2476 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 2476 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 2476 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 2476 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 2476 | 328 | rundll32.exe | rundll32.exe