c7c1e87f74a0a769fed8b305ce43f926bd68e02e80f40976698366baa045b0cf

Analysis

max time kernel
142s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gajim.exe
Size

83.9MB
MD5

9d48c58ac4d4b89a27550f6e425d0c49
SHA1

275ca4bdade76b71b8cb796da9d06052bbe5de98
SHA256

c7c1e87f74a0a769fed8b305ce43f926bd68e02e80f40976698366baa045b0cf
SHA512

b58ba39620286183456310efb6a232dd27cd8ac10d30f4ecab05a53367c0a854a5a7f9363fbd02259fbcac5b1cdc5819dd6e1eaf2537759c92a3bb7bb59300cb
SSDEEP

1572864:EvQU9p+aYgfo6CMsXOHn2vvF/ySHTRok5AM4jbXcTONk7LKNotiGGuSi:Q1o6CPf3Nyq6jMwbXUONkPKZGZx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2904	Gajim.exe
2904	Gajim.exe
2904	Gajim.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2904	Gajim.exe

C:\Users\Admin\AppData\Local\Temp\Gajim.exe
"C:\Users\Admin\AppData\Local\Temp\Gajim.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsdA9A9.tmp\LangDLL.dll

Filesize
8KB

MD5
1290ff92e7d5e675ca7f982942a58d0a

SHA1
b5496bf231a99f52fc2225a27cec0cf9809b5bdc

SHA256
7986be3b9a6dd3f9c3236c2de7cda25a35567709374712b6201a73ca8820edfe

SHA512
6494e6a3c29b6baf45fcdc0a9bc188351b0d5d8956aa886fb0787806abb187edea0a0b4bd149749919b080cdca6aaf8235d7caede0fa269c89e1b7439eff856c

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA9A9.tmp\System.dll

Filesize
24KB

MD5
47ba95323f37f91363eecfefb6bf88e4

SHA1
9a08ae3d832da3d7e1199afe3d41d45413cee854

SHA256
7c44c346cfc9ec199d3ec20dce30dfbec61f2c6c9accabd32780e449b5f7ff58

SHA512
91c85eb5daae4d3b4d9f9110db1019fb2d80407462b7dcef8dddde3500fdf0321c8d3eede19284c03c2c35f07face80023ce9dc9d3428ef5992fa67843734774

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA9A9.tmp\nsDialogs.dll

Filesize
14KB

MD5
3122c5948b4ea998bca7765b1d631339

SHA1
31f152b86e9f1fcbe91059bd5962d4ffd8b35f02

SHA256
2107b714dadbd411e2e11126f350f744c20bc095cf22069b43b50cf2fa00cdf9

SHA512
6f9806b9fa76a08be66d31898c0fe40fc311b8d3d241ae7b47ed5dcc48e2f39b4c274791f9874603e5aaa1a07adc21b99ae20cd4a1dcb94dcaddd929ba0eb0a6

Download Submit
memory/2904-22-0x000007FEFB310000-0x000007FEFB31F000-memory.dmp

Filesize
60KB

Download
memory/2904-23-0x000007FEFB0B0000-0x000007FEFB0BD000-memory.dmp

Filesize
52KB

Download
memory/2904-21-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download