c7c1e87f74a0a769fed8b305ce43f926bd68e02e80f40976698366baa045b0cf

Analysis

max time kernel
141s
max time network
133s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bin/Gajim.exe
Size

373KB
MD5

33a90bd70e8bf2527df9f25a0d8168f7
SHA1

e642ffbab5e091814ad21d769ab13144d651db15
SHA256

4135679db5005bd78bd9207c4c430522a1581da4a80895518deb62a987117ca6
SHA512

ce1835811133a605ce4978eed37ee63fb59f27b05bbcfb6ca1256c084cb1f0b472c76d95d4135790779d97b97fad57bd0cc8500b978130acaa10cb52e7213ece
SSDEEP

6144:oLY6SNR6nMFeqY+gPe8TxMm1D+9gYuHBaez0q5ItWxL+dxLaJDBjmZ88N+ZdbAi:ISNq8eqY+gPe8TxMmx+9gYuHBLz0aItV

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2804	Gajim.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2804	Gajim.exe
2804	Gajim.exe
2804	Gajim.exe
2804	Gajim.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2804	Gajim.exe
2804	Gajim.exe
2804	Gajim.exe
2804	Gajim.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 1884	2804	Gajim.exe	28
PID 2804 wrote to memory of 1884	2804	Gajim.exe	28
PID 2804 wrote to memory of 1884	2804	Gajim.exe	28
PID 2804 wrote to memory of 2892	2804	Gajim.exe	30
PID 2804 wrote to memory of 2892	2804	Gajim.exe	30
PID 2804 wrote to memory of 2892	2804	Gajim.exe	30
PID 2804 wrote to memory of 2692	2804	Gajim.exe	31
PID 2804 wrote to memory of 2692	2804	Gajim.exe	31
PID 2804 wrote to memory of 2692	2804	Gajim.exe	31

C:\Users\Admin\AppData\Local\Temp\bin\Gajim.exe
"C:\Users\Admin\AppData\Local\Temp\bin\Gajim.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:1884
- C:\Users\Admin\AppData\Local\Temp\bin\gdbus.exe
  "C:\Users\Admin\AppData\Local\Temp\bin\gdbus.exe" _win32_run_session_bus
  2⤵
  PID:2892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.dbus-keyrings\org_gtk_gdbus_general

Filesize
78B

MD5
02a3d1861dc756cd3a0afe2966471a99

SHA1
0df9166680e363e134231bcf120b52c18fb51b04

SHA256
d706ef79faf22b9749e2a9d98abb6d2a5bc9312b6df853103580a52f7c73683f

SHA512
6460e8940b8617713388ca86761c88e16a1ec0b9f8c988020900d9071212389025c2b9fad4dc486dde7bc7239e49beed48f380373234447955314a859795a051

Download Submit
C:\Users\Admin\AppData\Local\Temp\gdbus-nonce-file-V4EBP2

Filesize
16B

MD5
bf57e62d9d280652ec380a6b74b9628d

SHA1
7c565315ddfcf3291f1d53635859c9f2ec6dee9f

SHA256
e5b35e853483760e171373db02a5d169e6d37ea1f5bddaa0d82fb49c8ea8eb99

SHA512
ee68f14a0c35b2a10a8c6c7c5ca9041f88bb42e41724b6efd9fdf66e08da661efc7a4a8eef4427d0dc721e445eb61b50d10f2e52c90fa6c3220545ddb9e578f8

Download Submit
memory/2804-11-0x000007FEEE8E0000-0x000007FEEEAA0000-memory.dmp

Filesize
1.8MB

Download
memory/2804-80-0x000000013F030000-0x000000013F095000-memory.dmp

Filesize
404KB

Download
memory/2804-142-0x000007FEF43D0000-0x000007FEF43ED000-memory.dmp

Filesize
116KB

Download
memory/2804-141-0x000007FEF43F0000-0x000007FEF4408000-memory.dmp

Filesize
96KB

Download
memory/2804-134-0x000007FEF47F0000-0x000007FEF4854000-memory.dmp

Filesize
400KB

Download
memory/2804-118-0x000007FEF5200000-0x000007FEF52B0000-memory.dmp

Filesize
704KB

Download
memory/2804-110-0x000007FEF55C0000-0x000007FEF5617000-memory.dmp

Filesize
348KB

Download
memory/2804-99-0x000007FEF5D00000-0x000007FEF5EB4000-memory.dmp

Filesize
1.7MB

Download
memory/2804-90-0x000007FEF6AD0000-0x000007FEF6C45000-memory.dmp

Filesize
1.5MB

Download
memory/2804-89-0x000007FEF7650000-0x000007FEF766F000-memory.dmp

Filesize
124KB

Download
memory/2804-81-0x000007FEF5F20000-0x000007FEF6270000-memory.dmp

Filesize
3.3MB

Download
memory/2804-140-0x000007FEF4410000-0x000007FEF4604000-memory.dmp

Filesize
2.0MB

Download
memory/2804-139-0x000007FEF4610000-0x000007FEF4755000-memory.dmp

Filesize
1.3MB

Download
memory/2804-138-0x000007FEF4760000-0x000007FEF4790000-memory.dmp

Filesize
192KB

Download
memory/2804-137-0x000007FEF4790000-0x000007FEF47A0000-memory.dmp

Filesize
64KB

Download
memory/2804-136-0x000007FEF47A0000-0x000007FEF47B8000-memory.dmp

Filesize
96KB

Download
memory/2804-135-0x000007FEF47C0000-0x000007FEF47EC000-memory.dmp

Filesize
176KB

Download
memory/2804-133-0x000007FEF48B0000-0x000007FEF4A9D000-memory.dmp

Filesize
1.9MB

Download
memory/2804-132-0x000007FEF4AA0000-0x000007FEF4AC2000-memory.dmp

Filesize
136KB

Download
memory/2804-131-0x000007FEF4AD0000-0x000007FEF4B0C000-memory.dmp

Filesize
240KB

Download
memory/2804-130-0x000007FEF4B10000-0x000007FEF4BA3000-memory.dmp

Filesize
588KB

Download
memory/2804-129-0x000007FEF4BB0000-0x000007FEF4BC6000-memory.dmp

Filesize
88KB

Download
memory/2804-128-0x000007FEF4BD0000-0x000007FEF4CED000-memory.dmp

Filesize
1.1MB

Download
memory/2804-127-0x000007FEF4CF0000-0x000007FEF4CFE000-memory.dmp

Filesize
56KB

Download
memory/2804-126-0x000007FEF4D00000-0x000007FEF4D0D000-memory.dmp

Filesize
52KB

Download
memory/2804-125-0x000007FEF4D10000-0x000007FEF4D35000-memory.dmp

Filesize
148KB

Download
memory/2804-124-0x000007FEF4D40000-0x000007FEF4D4D000-memory.dmp

Filesize
52KB

Download
memory/2804-123-0x000007FEF4D50000-0x000007FEF4D62000-memory.dmp

Filesize
72KB

Download
memory/2804-122-0x000007FEF4D70000-0x000007FEF4D85000-memory.dmp

Filesize
84KB

Download
memory/2804-121-0x000007FEF4D90000-0x000007FEF5195000-memory.dmp

Filesize
4.0MB

Download
memory/2804-120-0x000007FEF51A0000-0x000007FEF51B5000-memory.dmp

Filesize
84KB

Download
memory/2804-119-0x000007FEF51C0000-0x000007FEF51F6000-memory.dmp

Filesize
216KB

Download
memory/2804-117-0x000007FEF52B0000-0x000007FEF52F3000-memory.dmp

Filesize
268KB

Download
memory/2804-116-0x000007FEF5300000-0x000007FEF532D000-memory.dmp

Filesize
180KB

Download
memory/2804-115-0x000007FEF5330000-0x000007FEF545B000-memory.dmp

Filesize
1.2MB

Download
memory/2804-114-0x000007FEF5460000-0x000007FEF548C000-memory.dmp

Filesize
176KB

Download
memory/2804-113-0x000007FEF5490000-0x000007FEF54A6000-memory.dmp

Filesize
88KB

Download
memory/2804-112-0x000007FEF54B0000-0x000007FEF5574000-memory.dmp

Filesize
784KB

Download
memory/2804-111-0x000007FEF5580000-0x000007FEF55B5000-memory.dmp

Filesize
212KB

Download
memory/2804-109-0x000007FEF5620000-0x000007FEF5813000-memory.dmp

Filesize
1.9MB

Download
memory/2804-108-0x000007FEF5820000-0x000007FEF5954000-memory.dmp

Filesize
1.2MB

Download
memory/2804-107-0x000007FEF5960000-0x000007FEF5971000-memory.dmp

Filesize
68KB

Download
memory/2804-106-0x000007FEF7120000-0x000007FEF712E000-memory.dmp

Filesize
56KB

Download
memory/2804-105-0x000007FEF5980000-0x000007FEF59DA000-memory.dmp

Filesize
360KB

Download
memory/2804-104-0x000007FEF77B0000-0x000007FEF77BF000-memory.dmp

Filesize
60KB

Download
memory/2804-103-0x000007FEF59E0000-0x000007FEF5A47000-memory.dmp

Filesize
412KB

Download
memory/2804-102-0x000007FEF5A50000-0x000007FEF5BA8000-memory.dmp

Filesize
1.3MB

Download
memory/2804-101-0x000007FEF5BB0000-0x000007FEF5CC9000-memory.dmp

Filesize
1.1MB

Download
memory/2804-100-0x000007FEF5CD0000-0x000007FEF5CFC000-memory.dmp

Filesize
176KB

Download
memory/2804-98-0x000007FEF65E0000-0x000007FEF661F000-memory.dmp

Filesize
252KB

Download
memory/2804-97-0x000007FEF5EC0000-0x000007FEF5F14000-memory.dmp

Filesize
336KB

Download
memory/2804-96-0x000007FEF6620000-0x000007FEF6655000-memory.dmp

Filesize
212KB

Download
memory/2804-95-0x000007FEF6660000-0x000007FEF6673000-memory.dmp

Filesize
76KB

Download
memory/2804-94-0x000007FEF6680000-0x000007FEF669F000-memory.dmp

Filesize
124KB

Download
memory/2804-93-0x000007FEF7990000-0x000007FEF79A0000-memory.dmp

Filesize
64KB

Download
memory/2804-92-0x000007FEF66A0000-0x000007FEF66C4000-memory.dmp

Filesize
144KB

Download
memory/2804-91-0x000007FEF66D0000-0x000007FEF66E2000-memory.dmp

Filesize
72KB

Download
memory/2804-88-0x000007FEF6C50000-0x000007FEF6C7A000-memory.dmp

Filesize
168KB

Download
memory/2804-87-0x000007FEF7700000-0x000007FEF771B000-memory.dmp

Filesize
108KB

Download
memory/2804-86-0x000007FEF7720000-0x000007FEF7734000-memory.dmp

Filesize
80KB

Download
memory/2804-85-0x000007FEF79A0000-0x000007FEF79B0000-memory.dmp

Filesize
64KB

Download
memory/2804-84-0x000007FEF79B0000-0x000007FEF79DF000-memory.dmp

Filesize
188KB

Download
memory/2804-83-0x000007FEFB990000-0x000007FEFB9A6000-memory.dmp

Filesize
88KB

Download
memory/2804-82-0x000007FEFA8D0000-0x000007FEFA8F2000-memory.dmp

Filesize
136KB

Download