Overview

overview

9

Static

static

7

gasai_self...2).rar

windows7-x64

3

gasai_self...2).rar

windows10-2004-x64

3

extraced_c...ry.txt

windows7-x64

1

extraced_c...ry.txt

windows10-2004-x64

1

gasai_crac...ai.exe

windows7-x64

7

gasai_crac...ai.exe

windows10-2004-x64

7

Gasai.pyc

windows7-x64

3

Gasai.pyc

windows10-2004-x64

3

gasai_crac...g.json

windows7-x64

3

gasai_crac...g.json

windows10-2004-x64

3

gasai_crac...ck.dll

windows7-x64

9

gasai_crac...ck.dll

windows10-2004-x64

9

gasai_crac...t.json

windows7-x64

3

gasai_crac...t.json

windows10-2004-x64

3

gasai_crac...er.exe

windows7-x64

7

gasai_crac...er.exe

windows10-2004-x64

9

gasai_crac...e.mmdb

windows7-x64

3

gasai_crac...e.mmdb

windows10-2004-x64

3

gasai_crac...ot.png

windows7-x64

3

gasai_crac...ot.png

windows10-2004-x64

3

gasai_crac...mg.jpg

windows7-x64

3

gasai_crac...mg.jpg

windows10-2004-x64

3

gasai_crac...s.json

windows7-x64

3

gasai_crac...s.json

windows10-2004-x64

3

gasai_crac...s.json

windows7-x64

3

gasai_crac...s.json

windows10-2004-x64

3

gasai_crac...no.ico

windows7-x64

3

gasai_crac...no.ico

windows10-2004-x64

3

gasai_crac...s.json

windows7-x64

3

gasai_crac...s.json

windows10-2004-x64

3

gasai_crac...s.json

windows7-x64

3

gasai_crac...s.json

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gasai_cracked/crack.dll

  • Size

    2.9MB

  • MD5

    e42615c8afc31caeddcc6080933fe10e

  • SHA1

    30f545b60fe0eec20f00304c16cfdfd8860513f9

  • SHA256

    37d493e23a12be12f02d3663348b1992d31f4a717637324922b1bab082ab7935

  • SHA512

    62d0eea5c31cf83e8b6e14a51405161d88ad9b514485b33bf31863c15318b5fb18383eb1812ea13b117254fff245e5d034d4943822367ab25fd84219f6298de4

  • SSDEEP

    49152:Vv58YPYu3ui4i8lHWXXh7R+2IeVYP8w4U5nVkHNgQOmC6yxI9BNVEpcBpa6YM:JPPnei4i8lMXh7RQeSkW5VCgEC6W0Bzm

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\gasai_cracked\crack.dll,#1
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2236 -s 128
      2⤵
        PID:1740

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2236-1-0x000007FEF5810000-0x000007FEF604B000-memory.dmp

      Filesize

      8.2MB

      Download

    • memory/2236-0-0x000007FEF6050000-0x000007FEF688B000-memory.dmp

      Filesize

      8.2MB

      Download

    • memory/2236-3-0x000007FEF5810000-0x000007FEF604B000-memory.dmp

      Filesize

      8.2MB

      Download

    • memory/2236-2-0x000007FEF6050000-0x000007FEF688B000-memory.dmp

      Filesize

      8.2MB

      Download

    • memory/2236-4-0x000007FEF5810000-0x000007FEF604B000-memory.dmp

      Filesize

      8.2MB

      Download

    • memory/2236-6-0x000007FEF6050000-0x000007FEF688B000-memory.dmp

      Filesize

      8.2MB

      Download