Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-07-2024 14:33

General

  • Target

    GarticBot.exe

  • Size

    409KB

  • MD5

    dd47a02229a1503ac5416052ebbb4dd8

  • SHA1

    f5ca83bab956e83e7d62b274c125ddc96f77a754

  • SHA256

    1835d736ddc64b06ef16006dd153984fb734bcd9562f2b2a40297c14fede1c1c

  • SHA512

    8a06c4314e4932640c76aa780082a7e1da8f928c625fd88fc28920183d09d343866300d7a07c62f0711b53ea9ca51d8c9e974e745283974213eca437822affd6

  • SSDEEP

    6144:1+oAJEJcy0owirZZEx1Vvu4sqWeQDkpAXtPlHLOL8CcJ20RmZQ33b:1vDwogV6qrQwpM9lHa4jwZQH

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim host in order to infer the geographical location of that host.

  • System Time Discovery 1 TTPs 1 IoCs

    An adversary may gather the system time and/or time zone settings from a local or remote system.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GarticBot.exe
    "C:\Users\Admin\AppData\Local\Temp\GarticBot.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:332
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.0-rc.1.21451.13&gui=true
      2⤵
      • System Time Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2084

Network

MITRE ATT&CK Enterprise v15

Downloads
