Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/09/2024, 21:06

General

  • Target

    gb_ems.exe

  • Size

    341KB

  • MD5

    73297cb9d103702a1dd20bc6e2c324ca

  • SHA1

    a84609a02bb075e4fec338532cfd60b7f3e9ac86

  • SHA256

    a918a9bc2ba0ea9fe444a8ed97de3552aec55554f20bb7a5b253de36aca96d6c

  • SHA512

    ac701cb2b3d32f7c3d1d4a8676fd8d5012f84a2599d94510a0e1efe120ff870771232fc5c50a4be878dc09de60a7a2a6577871c01e0ea889296d42814d99aa8b

  • SSDEEP

    6144:Q1db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59kIlbf3F8+Kw:QjkArEN249AyE/rbaMct4bO2/VVbvS+V

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gb_ems.exe
    "C:\Users\Admin\AppData\Local\Temp\gb_ems.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2668
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2372
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:734213 /prefetch:2
      2⤵
        PID:1768

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\Local\Temp\CabC8CE.tmp

      Filesize

      70KB

    • C:\Users\Admin\AppData\Local\Temp\TarC96D.tmp

      Filesize

      181KB

    • memory/2668-6-0x0000000000400000-0x00000000004C1000-memory.dmp

      Filesize

      772KB

    • memory/2668-0-0x0000000000400000-0x00000000004C1000-memory.dmp

      Filesize

      772KB