c7c1e87f74a0a769fed8b305ce43f926bd68e02e80f40976698366baa045b0cf

Analysis

max time kernel
142s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bin/Gajim.exe
Size

373KB
MD5

33a90bd70e8bf2527df9f25a0d8168f7
SHA1

e642ffbab5e091814ad21d769ab13144d651db15
SHA256

4135679db5005bd78bd9207c4c430522a1581da4a80895518deb62a987117ca6
SHA512

ce1835811133a605ce4978eed37ee63fb59f27b05bbcfb6ca1256c084cb1f0b472c76d95d4135790779d97b97fad57bd0cc8500b978130acaa10cb52e7213ece
SSDEEP

6144:oLY6SNR6nMFeqY+gPe8TxMm1D+9gYuHBaez0q5ItWxL+dxLaJDBjmZ88N+ZdbAi:ISNq8eqY+gPe8TxMmx+9gYuHBLz0aItV

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Gajim.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4988	Gajim.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4988	Gajim.exe
4988	Gajim.exe
4988	Gajim.exe
4988	Gajim.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
4988	Gajim.exe
4988	Gajim.exe
4988	Gajim.exe
4988	Gajim.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4284	4988	Gajim.exe	95
PID 4988 wrote to memory of 4284	4988	Gajim.exe	95
PID 4988 wrote to memory of 1352	4988	Gajim.exe	97
PID 4988 wrote to memory of 1352	4988	Gajim.exe	97
PID 4988 wrote to memory of 3096	4988	Gajim.exe	98
PID 4988 wrote to memory of 3096	4988	Gajim.exe	98

C:\Users\Admin\AppData\Local\Temp\bin\Gajim.exe
"C:\Users\Admin\AppData\Local\Temp\bin\Gajim.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:4284
- C:\Users\Admin\AppData\Local\Temp\bin\gdbus.exe
  "C:\Users\Admin\AppData\Local\Temp\bin\gdbus.exe" _win32_run_session_bus
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.dbus-keyrings\org_gtk_gdbus_general

Filesize
78B

MD5
c11510f0492465607a6fcbb202a84ac3

SHA1
19f6ec13aa516442d9e67f26f616ef39b8b14906

SHA256
29692277cd288e9eb580a39decb4ece8bb791b4953f5288734603cef2a42494e

SHA512
b528e1d041c94bbb7d0134bf487eae1507ab4c8095b80339cd395657cfe16a7524b0497cc6f2482c140cee8d7923fc7f17b232c027a531295f22d2c07b28c110

Download Submit
C:\Users\Admin\AppData\Local\Temp\gdbus-nonce-file-ATOBP2

Filesize
16B

MD5
93be2e8c2346c3b4ea8ff8a4e93063a0

SHA1
69c309b2df331b7da97083f2c1e3cbb797a812f3

SHA256
0ab57ce5f43853cc047b87af0a71fad8cd0f7459981cc1ad881e223a1554c5e6

SHA512
1b72da72fded361636e6e7c1d181d17497dc53056d1b5d4ab9a18184b837ad98b9a886c8b5353fd60d1dada190d099c06725e127c9c04974af0e32e0546b2478

Download Submit
memory/4988-71-0x0000020D58AF0000-0x0000020D58B00000-memory.dmp

Filesize
64KB

Download
memory/4988-85-0x00007FFF54050000-0x00007FFF54060000-memory.dmp

Filesize
64KB

Download
memory/4988-89-0x00007FFF51300000-0x00007FFF5131F000-memory.dmp

Filesize
124KB

Download
memory/4988-116-0x00007FFF41D00000-0x00007FFF41E2B000-memory.dmp

Filesize
1.2MB

Download
memory/4988-126-0x00007FFF4C680000-0x00007FFF4C68D000-memory.dmp

Filesize
52KB

Download
memory/4988-133-0x00007FFF410C0000-0x00007FFF41205000-memory.dmp

Filesize
1.3MB

Download
memory/4988-137-0x00007FFF40EC0000-0x00007FFF410B4000-memory.dmp

Filesize
2.0MB

Download
memory/4988-144-0x00007FFF40660000-0x00007FFF40671000-memory.dmp

Filesize
68KB

Download
memory/4988-143-0x00007FFF40680000-0x00007FFF4069A000-memory.dmp

Filesize
104KB

Download
memory/4988-142-0x00007FFF406A0000-0x00007FFF406B1000-memory.dmp

Filesize
68KB

Download
memory/4988-141-0x00007FFF406C0000-0x00007FFF406CF000-memory.dmp

Filesize
60KB

Download
memory/4988-140-0x00007FFF406D0000-0x00007FFF406E5000-memory.dmp

Filesize
84KB

Download
memory/4988-139-0x00007FFF406F0000-0x00007FFF4071D000-memory.dmp

Filesize
180KB

Download
memory/4988-138-0x00007FFF40720000-0x00007FFF40E5D000-memory.dmp

Filesize
7.2MB

Download
memory/4988-136-0x00007FFF40E60000-0x00007FFF40E7D000-memory.dmp

Filesize
116KB

Download
memory/4988-135-0x00007FFF40E80000-0x00007FFF40EA0000-memory.dmp

Filesize
128KB

Download
memory/4988-134-0x00007FFF40EA0000-0x00007FFF40EB8000-memory.dmp

Filesize
96KB

Download
memory/4988-132-0x00007FFF41210000-0x00007FFF41240000-memory.dmp

Filesize
192KB

Download
memory/4988-131-0x00007FFF41240000-0x00007FFF41250000-memory.dmp

Filesize
64KB

Download
memory/4988-130-0x00007FFF41250000-0x00007FFF41268000-memory.dmp

Filesize
96KB

Download
memory/4988-129-0x00007FFF41270000-0x00007FFF4129C000-memory.dmp

Filesize
176KB

Download
memory/4988-128-0x00007FFF412A0000-0x00007FFF41304000-memory.dmp

Filesize
400KB

Download
memory/4988-127-0x00007FFF41360000-0x00007FFF4154D000-memory.dmp

Filesize
1.9MB

Download
memory/4988-125-0x00007FFF417A0000-0x00007FFF417C5000-memory.dmp

Filesize
148KB

Download
memory/4988-124-0x00007FFF4ED30000-0x00007FFF4ED3D000-memory.dmp

Filesize
52KB

Download
memory/4988-123-0x00007FFF417D0000-0x00007FFF417E2000-memory.dmp

Filesize
72KB

Download
memory/4988-122-0x00007FFF417F0000-0x00007FFF41805000-memory.dmp

Filesize
84KB

Download
memory/4988-120-0x00007FFF41C20000-0x00007FFF41C35000-memory.dmp

Filesize
84KB

Download
memory/4988-119-0x00007FFF41C40000-0x00007FFF41C76000-memory.dmp

Filesize
216KB

Download
memory/4988-118-0x00007FFF41C80000-0x00007FFF41CAD000-memory.dmp

Filesize
180KB

Download
memory/4988-117-0x00007FFF41CD0000-0x00007FFF41CFC000-memory.dmp

Filesize
176KB

Download
memory/4988-115-0x00007FFF41E30000-0x00007FFF41E46000-memory.dmp

Filesize
88KB

Download
memory/4988-114-0x00007FFF41E50000-0x00007FFF41E85000-memory.dmp

Filesize
212KB

Download
memory/4988-113-0x00007FFF41E90000-0x00007FFF41ED3000-memory.dmp

Filesize
268KB

Download
memory/4988-112-0x00007FFF41EE0000-0x00007FFF41F90000-memory.dmp

Filesize
704KB

Download
memory/4988-111-0x00007FFF41F90000-0x00007FFF42054000-memory.dmp

Filesize
784KB

Download
memory/4988-110-0x00007FFF42060000-0x00007FFF420B7000-memory.dmp

Filesize
348KB

Download
memory/4988-109-0x00007FFF420C0000-0x00007FFF422B3000-memory.dmp

Filesize
1.9MB

Download
memory/4988-108-0x00007FFF422C0000-0x00007FFF423F4000-memory.dmp

Filesize
1.2MB

Download
memory/4988-107-0x00007FFF42400000-0x00007FFF42411000-memory.dmp

Filesize
68KB

Download
memory/4988-106-0x00007FFF530F0000-0x00007FFF530FE000-memory.dmp

Filesize
56KB

Download
memory/4988-105-0x00007FFF42420000-0x00007FFF42487000-memory.dmp

Filesize
412KB

Download
memory/4988-104-0x00007FFF53410000-0x00007FFF5341F000-memory.dmp

Filesize
60KB

Download
memory/4988-103-0x00007FFF42490000-0x00007FFF425A9000-memory.dmp

Filesize
1.1MB

Download
memory/4988-102-0x00007FFF42770000-0x00007FFF428C8000-memory.dmp

Filesize
1.3MB

Download
memory/4988-100-0x00007FFF428D0000-0x00007FFF428FC000-memory.dmp

Filesize
176KB

Download
memory/4988-99-0x00007FFF42900000-0x00007FFF4295A000-memory.dmp

Filesize
360KB

Download
memory/4988-98-0x00007FFF42960000-0x00007FFF4299F000-memory.dmp

Filesize
252KB

Download
memory/4988-97-0x00007FFF429A0000-0x00007FFF429F4000-memory.dmp

Filesize
336KB

Download
memory/4988-96-0x00007FFF42A00000-0x00007FFF42A35000-memory.dmp

Filesize
212KB

Download
memory/4988-94-0x00007FFF4A4A0000-0x00007FFF4A4BF000-memory.dmp

Filesize
124KB

Download
memory/4988-92-0x00007FFF42A40000-0x00007FFF42A64000-memory.dmp

Filesize
144KB

Download
memory/4988-90-0x00007FFF435D0000-0x00007FFF43745000-memory.dmp

Filesize
1.5MB

Download
memory/4988-88-0x00007FFF43920000-0x00007FFF4394A000-memory.dmp

Filesize
168KB

Download
memory/4988-87-0x00007FFF52540000-0x00007FFF5255B000-memory.dmp

Filesize
108KB

Download
memory/4988-86-0x00007FFF52700000-0x00007FFF52714000-memory.dmp

Filesize
80KB

Download
memory/4988-84-0x00007FFF43D50000-0x00007FFF43D7F000-memory.dmp

Filesize
188KB

Download
memory/4988-81-0x00007FFF42A70000-0x00007FFF42DC0000-memory.dmp

Filesize
3.3MB

Download
memory/4988-101-0x00007FFF425B0000-0x00007FFF42764000-memory.dmp

Filesize
1.7MB

Download
memory/4988-95-0x00007FFF435B0000-0x00007FFF435C3000-memory.dmp

Filesize
76KB

Download
memory/4988-93-0x00007FFF53800000-0x00007FFF53810000-memory.dmp

Filesize
64KB

Download
memory/4988-91-0x00007FFF50020000-0x00007FFF50032000-memory.dmp

Filesize
72KB

Download
memory/4988-83-0x00007FFF52E80000-0x00007FFF52E96000-memory.dmp

Filesize
88KB

Download
memory/4988-82-0x00007FFF4F550000-0x00007FFF4F572000-memory.dmp

Filesize
136KB

Download
memory/4988-80-0x00007FF7FB740000-0x00007FF7FB7A5000-memory.dmp

Filesize
404KB

Download
memory/4988-512-0x0000020D58AF0000-0x0000020D58B00000-memory.dmp

Filesize
64KB

Download