Overview
overview 9
Static
static 3
gpg.exe windows7-x64 1
gpg.exe windows10-2004-x64 1
gpgconf.exe windows7-x64 1
gpgconf.exe windows10-2004-x64 1
libassuan-0.dll windows7-x64 3
libassuan-0.dll windows10-2004-x64 3
libgcrypt-20.dll windows7-x64 1
libgcrypt-20.dll windows10-2004-x64 3
libgpg-error-0.dll windows7-x64 1
libgpg-error-0.dll windows10-2004-x64 1
libnpth-0.dll windows7-x64 1
libnpth-0.dll windows10-2004-x64 1
libsqlite3-0.dll windows7-x64 3
libsqlite3-0.dll windows10-2004-x64 3
trkop.vbs windows7-x64 9
trkop.vbs windows10-2004-x64 9
zapa.bat windows7-x64 7
zapa.bat windows10-2004-x64 1
zlib1.dll windows7-x64 3
zlib1.dll windows10-2004-x64 3
Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 24-05-2024 16:07
Static task: static1
Behavioral task behavioral1: sample gpg.exe, resource win7-20240221-en
Behavioral task behavioral2: sample gpg.exe, resource win10v2004-20240508-en
Behavioral task behavioral3: sample gpgconf.exe, resource win7-20240221-en
Behavioral task behavioral4: sample gpgconf.exe, resource win10v2004-20240508-en
Behavioral task behavioral5: sample libassuan-0.dll, resource win7-20240221-en
Behavioral task behavioral6: sample libassuan-0.dll, resource win10v2004-20240508-en
Behavioral task behavioral7: sample libgcrypt-20.dll, resource win7-20240508-en
Behavioral task behavioral8: sample libgcrypt-20.dll, resource win10v2004-20240508-en
Behavioral task behavioral9: sample libgpg-error-0.dll, resource win7-20231129-en
Behavioral task behavioral10: sample libgpg-error-0.dll, resource win10v2004-20240426-en
Behavioral task behavioral11: sample libnpth-0.dll, resource win7-20240419-en
Behavioral task behavioral12: sample libnpth-0.dll, resource win10v2004-20240508-en
Behavioral task behavioral13: sample libsqlite3-0.dll, resource win7-20240220-en
Behavioral task behavioral14: sample libsqlite3-0.dll, resource win10v2004-20240426-en
Behavioral task behavioral15: sample trkop.vbs, resource win7-20240508-en
Behavioral task behavioral16: sample trkop.vbs, resource win10v2004-20240426-en
Behavioral task behavioral17: sample zapa.bat, resource win7-20240221-en
Behavioral task behavioral18: sample zapa.bat, resource win10v2004-20240508-en
Behavioral task behavioral19: sample zlib1.dll, resource win7-20240419-en
Behavioral task behavioral20: sample zlib1.dll, resource win10v2004-20240508-en
General
Target: libgpg-error-0.dll
Size: 167KB
MD5: f00d0500d0e18f9cbbf24df4c867447f
SHA1: 930c42e51296f9c706b683973d36b32401adea88
SHA256: 2aef5c58f9454174d816729fce925919d8c5994a37f129288357bf8ec2b26783
SHA512: 71f9d683ab1bbfe3ff247cdd2da99c29fdaf7c55489773aad58004ef853709d962de3f08f63b01bda3467366bf49eab4e86634e10837473446e9788df6d9682c
SSDEEP: 3072:1VLFn1do/If9mvLJmVj+JP2xxFTTa6MpVf1JJKDo7wvQGxm8uNIW2A:vFn1db9mvLJmAurTaxVf1JJKDo7wvzxQ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 2368 wrote to memory of 2212   2368   rundll32.exe   rundll32.exe
PID 2368 wrote to memory of 2212   2368   rundll32.exe   rundll32.exe
PID 2368 wrote to memory of 2212   2368   rundll32.exe   rundll32.exe
PID 2368 wrote to memory of 2212   2368   rundll32.exe   rundll32.exe
PID 2368 wrote to memory of 2212   2368   rundll32.exe   rundll32.exe
PID 2368 wrote to memory of 2212   2368   rundll32.exe   rundll32.exe
PID 2368 wrote to memory of 2212   2368   rundll32.exe   rundll32.exe