c7c1e87f74a0a769fed8b305ce43f926bd68e02e80f40976698366baa045b0cf

Analysis

max time kernel
142s
max time network
132s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bin/Gajim-Debug.exe
Size

373KB
MD5

158d64c3ace32c0b737b5b2d1f0facfb
SHA1

8ad0a4dc769dd193647f82388399c7938fccf12a
SHA256

c3574ccafff8f36c0ea826ae699b2a16ce5af9e83e493a865f045e4bd9c195a3
SHA512

d708a8fc2672f9e181fa0a0132ad9dd00747759662a10117e5cada6bbdb6d5e4877fca15f8296b3c274da19c3ccfbecb7bcbd23e61821b31d9dd8f6391549417
SSDEEP

6144:KLY6tNR6nMFeqY+gPe8TxMm1D+9gYuHBaez0q5ItWxL+dxLaJDBjmZ88N+ZdbAiY:+tNq8eqY+gPe8TxMmx+9gYuHBLz0aIt9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2056	Gajim-Debug.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2056	Gajim-Debug.exe
2056	Gajim-Debug.exe
2056	Gajim-Debug.exe
2056	Gajim-Debug.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2056	Gajim-Debug.exe
2056	Gajim-Debug.exe
2056	Gajim-Debug.exe
2056	Gajim-Debug.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2092	2056	Gajim-Debug.exe	29
PID 2056 wrote to memory of 2092	2056	Gajim-Debug.exe	29
PID 2056 wrote to memory of 2092	2056	Gajim-Debug.exe	29
PID 2056 wrote to memory of 2632	2056	Gajim-Debug.exe	30
PID 2056 wrote to memory of 2632	2056	Gajim-Debug.exe	30
PID 2056 wrote to memory of 2632	2056	Gajim-Debug.exe	30
PID 2056 wrote to memory of 2848	2056	Gajim-Debug.exe	31
PID 2056 wrote to memory of 2848	2056	Gajim-Debug.exe	31
PID 2056 wrote to memory of 2848	2056	Gajim-Debug.exe	31

C:\Users\Admin\AppData\Local\Temp\bin\Gajim-Debug.exe
"C:\Users\Admin\AppData\Local\Temp\bin\Gajim-Debug.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:2092
- C:\Users\Admin\AppData\Local\Temp\bin\gdbus.exe
  "C:\Users\Admin\AppData\Local\Temp\bin\gdbus.exe" _win32_run_session_bus
  2⤵
  PID:2632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.dbus-keyrings\org_gtk_gdbus_general

Filesize
78B

MD5
cbeac1b93819dd7886c23c794ab4d548

SHA1
1cbbd882ee942fe02067af18ec3cf55bf824ff7f

SHA256
3e2d5bd01c8f758ff21fabe35705a285c435ac1c53aab912f21615d7f7d54ed5

SHA512
a969e7e21fd1dfcf5b892ee6ffbd20d9861e2d88bc5447265ffd63608e5b04c765fd930eec452603a02d676b1af40925f2a49a25f1f12d88af53e87e1997e21e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gdbus-nonce-file-DIC3O2

Filesize
16B

MD5
d278bcb1de1c5f7c2e613b1f2e188fd4

SHA1
5c03c52ce1608db3a46d337afeaaf61624bc36df

SHA256
6d0ad8f8f6291092249872c87cbf00bea8928e25a0c207b0e14eef3818f856f7

SHA512
750afe26f5a92acaa77807018a481775c1e83165b18eafbbfb35c756f6d9b1fd02e42cb4824589555fa85624471eb34d21086f250568b7b674f23eabf74bb5fd

Download Submit
memory/2056-11-0x000007FEEE220000-0x000007FEEE3E0000-memory.dmp

Filesize
1.8MB

Download
memory/2056-80-0x000000013FE00000-0x000000013FE65000-memory.dmp

Filesize
404KB

Download
memory/2056-84-0x000007FEFA210000-0x000007FEFA23F000-memory.dmp

Filesize
188KB

Download
memory/2056-93-0x000007FEFA1F0000-0x000007FEFA200000-memory.dmp

Filesize
64KB

Download
memory/2056-92-0x000007FEF6CE0000-0x000007FEF6D04000-memory.dmp

Filesize
144KB

Download
memory/2056-96-0x000007FEF6C60000-0x000007FEF6C95000-memory.dmp

Filesize
212KB

Download
memory/2056-97-0x000007FEF6C00000-0x000007FEF6C54000-memory.dmp

Filesize
336KB

Download
memory/2056-91-0x000007FEF6D10000-0x000007FEF6D22000-memory.dmp

Filesize
72KB

Download
memory/2056-100-0x000007FEF6300000-0x000007FEF632C000-memory.dmp

Filesize
176KB

Download
memory/2056-83-0x000007FEFAE70000-0x000007FEFAE86000-memory.dmp

Filesize
88KB

Download
memory/2056-82-0x000007FEFA960000-0x000007FEFA982000-memory.dmp

Filesize
136KB

Download
memory/2056-103-0x000007FEF6290000-0x000007FEF62F7000-memory.dmp

Filesize
412KB

Download
memory/2056-85-0x000007FEFA200000-0x000007FEFA210000-memory.dmp

Filesize
64KB

Download
memory/2056-81-0x000007FEF5B60000-0x000007FEF5EB0000-memory.dmp

Filesize
3.3MB

Download
memory/2056-88-0x000007FEF6D50000-0x000007FEF6D7A000-memory.dmp

Filesize
168KB

Download
memory/2056-87-0x000007FEF6D80000-0x000007FEF6D9B000-memory.dmp

Filesize
108KB

Download
memory/2056-110-0x000007FEF51C0000-0x000007FEF5217000-memory.dmp

Filesize
348KB

Download
memory/2056-89-0x000007FEF6D30000-0x000007FEF6D4F000-memory.dmp

Filesize
124KB

Download
memory/2056-114-0x000007FEF5060000-0x000007FEF508C000-memory.dmp

Filesize
176KB

Download
memory/2056-116-0x000007FEF4F00000-0x000007FEF4F2D000-memory.dmp

Filesize
180KB

Download
memory/2056-113-0x000007FEF5090000-0x000007FEF50A6000-memory.dmp

Filesize
88KB

Download
memory/2056-117-0x000007FEF4EB0000-0x000007FEF4EF3000-memory.dmp

Filesize
268KB

Download
memory/2056-118-0x000007FEF4E00000-0x000007FEF4EB0000-memory.dmp

Filesize
704KB

Download
memory/2056-111-0x000007FEF5180000-0x000007FEF51B5000-memory.dmp

Filesize
212KB

Download
memory/2056-86-0x000007FEF7A80000-0x000007FEF7A94000-memory.dmp

Filesize
80KB

Download
memory/2056-95-0x000007FEF6CA0000-0x000007FEF6CB3000-memory.dmp

Filesize
76KB

Download
memory/2056-94-0x000007FEF6CC0000-0x000007FEF6CDF000-memory.dmp

Filesize
124KB

Download
memory/2056-90-0x000007FEF59E0000-0x000007FEF5B55000-memory.dmp

Filesize
1.5MB

Download
memory/2056-131-0x000007FEF46D0000-0x000007FEF470C000-memory.dmp

Filesize
240KB

Download
memory/2056-98-0x000007FEF63A0000-0x000007FEF63DF000-memory.dmp

Filesize
252KB

Download
memory/2056-135-0x000007FEF43F0000-0x000007FEF4454000-memory.dmp

Filesize
400KB

Download
memory/2056-142-0x000007FEF3FF0000-0x000007FEF4008000-memory.dmp

Filesize
96KB

Download
memory/2056-99-0x000007FEF5820000-0x000007FEF59D4000-memory.dmp

Filesize
1.7MB

Download
memory/2056-108-0x000007FEF5430000-0x000007FEF5564000-memory.dmp

Filesize
1.2MB

Download
memory/2056-107-0x000007FEF5570000-0x000007FEF5581000-memory.dmp

Filesize
68KB

Download
memory/2056-106-0x000007FEF5590000-0x000007FEF559E000-memory.dmp

Filesize
56KB

Download
memory/2056-105-0x000007FEF6220000-0x000007FEF627A000-memory.dmp

Filesize
360KB

Download
memory/2056-104-0x000007FEF6280000-0x000007FEF628F000-memory.dmp

Filesize
60KB

Download
memory/2056-102-0x000007FEF55A0000-0x000007FEF56F8000-memory.dmp

Filesize
1.3MB

Download
memory/2056-109-0x000007FEF5220000-0x000007FEF5413000-memory.dmp

Filesize
1.9MB

Download
memory/2056-101-0x000007FEF5700000-0x000007FEF5819000-memory.dmp

Filesize
1.1MB

Download
memory/2056-112-0x000007FEF50B0000-0x000007FEF5174000-memory.dmp

Filesize
784KB

Download
memory/2056-115-0x000007FEF4F30000-0x000007FEF505B000-memory.dmp

Filesize
1.2MB

Download
memory/2056-119-0x000007FEF4DC0000-0x000007FEF4DF6000-memory.dmp

Filesize
216KB

Download
memory/2056-141-0x000007FEF4010000-0x000007FEF4204000-memory.dmp

Filesize
2.0MB

Download
memory/2056-140-0x000007FEF4210000-0x000007FEF4355000-memory.dmp

Filesize
1.3MB

Download
memory/2056-139-0x000007FEF4360000-0x000007FEF4390000-memory.dmp

Filesize
192KB

Download
memory/2056-138-0x000007FEF4390000-0x000007FEF43A0000-memory.dmp

Filesize
64KB

Download
memory/2056-137-0x000007FEF43A0000-0x000007FEF43B8000-memory.dmp

Filesize
96KB

Download
memory/2056-136-0x000007FEF43C0000-0x000007FEF43EC000-memory.dmp

Filesize
176KB

Download
memory/2056-134-0x000007FEF4460000-0x000007FEF44A1000-memory.dmp

Filesize
260KB

Download
memory/2056-133-0x000007FEF44B0000-0x000007FEF469D000-memory.dmp

Filesize
1.9MB

Download
memory/2056-132-0x000007FEF46A0000-0x000007FEF46C2000-memory.dmp

Filesize
136KB

Download
memory/2056-130-0x000007FEF4710000-0x000007FEF47A3000-memory.dmp

Filesize
588KB

Download
memory/2056-129-0x000007FEF47B0000-0x000007FEF47C6000-memory.dmp

Filesize
88KB

Download
memory/2056-128-0x000007FEF47D0000-0x000007FEF48ED000-memory.dmp

Filesize
1.1MB

Download
memory/2056-127-0x000007FEF48F0000-0x000007FEF48FE000-memory.dmp

Filesize
56KB

Download
memory/2056-126-0x000007FEF4900000-0x000007FEF490D000-memory.dmp

Filesize
52KB

Download
memory/2056-125-0x000007FEF4910000-0x000007FEF4935000-memory.dmp

Filesize
148KB

Download
memory/2056-124-0x000007FEF4940000-0x000007FEF494D000-memory.dmp

Filesize
52KB

Download
memory/2056-123-0x000007FEF4950000-0x000007FEF4962000-memory.dmp

Filesize
72KB

Download
memory/2056-122-0x000007FEF4970000-0x000007FEF4985000-memory.dmp

Filesize
84KB

Download
memory/2056-121-0x000007FEF4990000-0x000007FEF4D95000-memory.dmp

Filesize
4.0MB

Download
memory/2056-120-0x000007FEF4DA0000-0x000007FEF4DB5000-memory.dmp

Filesize
84KB

Download