2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988

Resubmissions

07-10-2024 17:08

241007-vnl68azgpq 10

07-10-2024 15:28

241007-swkx1szbpk 10

02-10-2024 22:19

241002-18r6vstekh 10

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-10-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gtag account Gen (maybe works).exe
Size

58.0MB
MD5

da151f3b7f812e244ea8531fc1a9b797
SHA1

f1d6afbf71d1dbe9877340ee0c4dfeb450bf0d37
SHA256

2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988
SHA512

9a52cf415824fccab919ea44c92bbbe4656f0a2a623ec5e7cf3ffdcdd15deca69b47308e755e260b3e439b4378202942219f0da4b30ae4f0b3389b0ba880481c
SSDEEP

1572864:BiFhyZZIl0B/Cip8weeQIB5eSKY47f++yBd7XM5nZ7vA:UhyZm4/Cip8cHXb4LTShc5nl

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1860	Gtag account Gen (maybe works).exe
1860	Gtag account Gen (maybe works).exe
1860	Gtag account Gen (maybe works).exe
1860	Gtag account Gen (maybe works).exe
1860	Gtag account Gen (maybe works).exe
1860	Gtag account Gen (maybe works).exe
1860	Gtag account Gen (maybe works).exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000001cbf1-2172.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 1860	2708	Gtag account Gen (maybe works).exe	30
PID 2708 wrote to memory of 1860	2708	Gtag account Gen (maybe works).exe	30
PID 2708 wrote to memory of 1860	2708	Gtag account Gen (maybe works).exe	30

C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe
"C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe
  "C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe"
  2⤵
  - Loads dropped DLL
  PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27082\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi

Filesize
63B

MD5
84a27291937d76e46b277653002601f2

SHA1
fe60efb40aeeee2998bb07245d4f9571ad08825f

SHA256
ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe

SHA512
e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27082\python310.dll

Filesize
1.4MB

MD5
67bf2aa23063b48b502ac7dcf3f7cdaf

SHA1
0a9157a219dc6811c9db103764b1addfc336d651

SHA256
1d416a171c6c152e8c2bfcf9137065650291ec767d087c6626e72dd5d3b361f3

SHA512
e48af648be7345d2374b684c9c778ce5d60a89ea96d9266f7af9ab28fb9cf453159945d923e74015845661d40f9c4ca16e84659b18834165e454610cb60aa534

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27082\setuptools-68.1.2.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27082\ucrtbase.dll

Filesize
1.1MB

MD5
a48348dec40d63a4dd77de952344f1c7

SHA1
a92bf2cddfdba52b663c39f16b94f08324403d1d

SHA256
1c502e581d72edbd2fbdbdb2fe21077c3c3a46a7549585960a85fdb93c612295

SHA512
763b0e4013a37d4dbbd472a1c5a6b4a6f56c2cc35abd68db2a0ed71eba240ed28addd41380f85b0762355fb11420d6963c1a042e1f231364532b33083a7ae736

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27082\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
b6e10e946a9ffe298894b24155548a1e

SHA1
d897a5f8f94dfbafb8ec0710c0dedb17da10c06b

SHA256
d94f51335c1f7aaaf454dbfcce422684ea48802fa3945aa9c50950a1fd55c4e7

SHA512
f51358456a6e4ea45edb4b4df431c6c5dd8d75016820b11728fbce9061fc416dc259832b1791af3d730001c8deb7e6927385f871d564307219b245907a4c8919

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27082\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
94b256ae14a2a6ddbdb4dfb63fe4d30f

SHA1
7b28d8f1f5aa4af9c441182240c9816352468f3e

SHA256
c3e98b8663ab64fdcb2111a5174967f46b49e399c9e98083a18b4defd53f806c

SHA512
bd271eac8df6dd79be135f8e04bc08b00474cddc8cb06ad59a9715842f6c05e5dcf4b0c05e241309a940b882369bc19bc9eb38580221f62bba7e06cc39b1cfa6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27082\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
90e7f757acd89e70b45e7481bab6afbe

SHA1
493069d3f582aa9d90a7fd90c5c86a8a6a78cd86

SHA256
ccc6a3980b5c29005d74f7d5d96eb64f072e182f7bd626013a09cb99f69f7b13

SHA512
6c80a27badc8b26859a70665ce5db024d5dd5a67acf18af93efaf667fa6ac7a497a5805972b024447988f6b64f04bad1ac824e3fb2ebfe62f8e8c07051110461

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
177f2560d03ed5d87edd2d6af76bc4fd

SHA1
448ca149f314709aab2e7f950dde6a467e746c10

SHA256
ff3ba56841b02443f428e2715de19f9d655b22ecbbae940b140ac765a69b62f1

SHA512
f68becc6a4ceadfa91515f1b00c0538f8c2697f9d28684d7b5df8b47f5529dd10c33ec0955b50e3830a12cd70f3602e0df1ddfec79fb3f531c11df1425848573

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
cbc9d46f3e0ce512b5ff3a8b2f6f4689

SHA1
adb2c17b73200f6d1a35dea6faa68691ed43f6bb

SHA256
8ef41ef713f3ce6159b667dfe875743633922ab282b4a8fbb6626429f61ed6c5

SHA512
b32429041fffb1e9242f3dc4c755a97dbc1d5a354cded3e9b09cea1a94fabc9b45c8f31e15300e1b9f3bf7acbc369063c555d0f6f5ac8860ee06323b06132737

Download Submit
memory/1860-2174-0x000007FEF6280000-0x000007FEF66EE000-memory.dmp

Filesize
4.4MB

Download