829d348eb2637386211bfe31b9ce1cca1c545e3a18a60bf20513a969fe97596b

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 17:24 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gasai_cracked/launcher.exe
Size

4.9MB
MD5

05bc8e2e0473d2bcb2d959d5ecde2d37
SHA1

555f073467bbc064db4049d3ea6be5221d601d72
SHA256

1e13949291b38b35ff7ae80f701ca50753e47472c3667470a82a5206ad6d9801
SHA512

645297f215c4734acbb8d580f9be220cd42a8a7d9bcf3f08b149cbd1e4f867c06252f44915317052ee66599de7401def0f8477eae40973e680c247bc4293c88e
SSDEEP

98304:YKRGpvYMi4MIMPgQesZCWV9yfmYGefQBZaLHNjj5YdRBuwo:YIiv9iqMPzyHGef0SB5Y1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2624	launcher.exe

Loads dropped DLL 2 IoCs

pid	Process
2400	launcher.exe
2624	launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2624	2400	launcher.exe	29
PID 2400 wrote to memory of 2624	2400	launcher.exe	29
PID 2400 wrote to memory of 2624	2400	launcher.exe	29

C:\Users\Admin\AppData\Local\Temp\gasai_cracked\launcher.exe
"C:\Users\Admin\AppData\Local\Temp\gasai_cracked\launcher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\onefile_2400_133615637320788000\launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\gasai_cracked\launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2400_133615637320788000\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2400_133615637320788000\launcher.exe

Filesize
8.5MB

MD5
ab80bb454abe2469ff40112393b05f4b

SHA1
82e2915d31265cca1505d15d3da6207ac4d5fb11

SHA256
ff6a6da4f79404766a32a5fb6a305b802ff32a5ad43ebb02b29632c52b23e360

SHA512
3fb888386e0903beb413fb453bc0345936bad52d6bdd00edb2fd8553623c37a685fe7e6992eb65edafe8b8d171855e7a6fbd00bd98583495d6b5e75bb325d893

Download Submit