2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988

Resubmissions

07-10-2024 17:08

241007-vnl68azgpq 10

07-10-2024 15:28

241007-swkx1szbpk 10

02-10-2024 22:19

241002-18r6vstekh 10

Analysis

max time kernel
35s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-10-2024 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gtag account Gen (maybe works).exe
Size

58.0MB
MD5

da151f3b7f812e244ea8531fc1a9b797
SHA1

f1d6afbf71d1dbe9877340ee0c4dfeb450bf0d37
SHA256

2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988
SHA512

9a52cf415824fccab919ea44c92bbbe4656f0a2a623ec5e7cf3ffdcdd15deca69b47308e755e260b3e439b4378202942219f0da4b30ae4f0b3389b0ba880481c
SSDEEP

1572864:BiFhyZZIl0B/Cip8weeQIB5eSKY47f++yBd7XM5nZ7vA:UhyZm4/Cip8cHXb4LTShc5nl

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
1644	Gtag account Gen (maybe works).exe
1644	Gtag account Gen (maybe works).exe
1644	Gtag account Gen (maybe works).exe
1644	Gtag account Gen (maybe works).exe
1644	Gtag account Gen (maybe works).exe
1644	Gtag account Gen (maybe works).exe
1644	Gtag account Gen (maybe works).exe
1776	Gtag account Gen (maybe works).exe
1776	Gtag account Gen (maybe works).exe
1776	Gtag account Gen (maybe works).exe
1776	Gtag account Gen (maybe works).exe
1776	Gtag account Gen (maybe works).exe
1776	Gtag account Gen (maybe works).exe
1776	Gtag account Gen (maybe works).exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000001cb2c-2332.dat	upx
behavioral1/memory/1776-6502-0x000007FEF67C0000-0x000007FEF6C2E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1644	2216	Gtag account Gen (maybe works).exe	34
PID 2216 wrote to memory of 1644	2216	Gtag account Gen (maybe works).exe	34
PID 2216 wrote to memory of 1644	2216	Gtag account Gen (maybe works).exe	34
PID 1100 wrote to memory of 1776	1100	Gtag account Gen (maybe works).exe	35
PID 1100 wrote to memory of 1776	1100	Gtag account Gen (maybe works).exe	35
PID 1100 wrote to memory of 1776	1100	Gtag account Gen (maybe works).exe	35

C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe
"C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe
  "C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe"
  2⤵
  - Loads dropped DLL
  PID:1644

C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe
"C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe
  "C:\Users\Admin\AppData\Local\Temp\Gtag account Gen (maybe works).exe"
  2⤵
  - Loads dropped DLL
  PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI11002\jedi\third_party\django-stubs\django-stubs\contrib\auth\urls.pyi

Filesize
59B

MD5
72baef07657af40bbb9421362b0c67cd

SHA1
e0e802c0e54240712b8bd8418627b2ffa123bc94

SHA256
a0869d2c9451a944b87f059edc5d93c1d415888b98b9247b8aeb5489d9dcba7d

SHA512
32e4cddc4df9759ad46f617cd69b2adc130a918cac4f588cf563d8e3c298ece3a5bb0a9dc9a082cbdc015f2789336a6e67d545603ea69477fc5de28256fd6d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\jedi\third_party\django-stubs\django-stubs\contrib\sitemaps\management\commands\ping_google.pyi

Filesize
85B

MD5
6b8cad3305cef8186496283d80f5ea37

SHA1
418009700ba673f4aebf49db46d1f44384d4f8f8

SHA256
1a4fa10dd76be871ebe4f02bc9ccf70eaa1e178efa5291aa6aff471a9fcdb272

SHA512
e06ba45ea1bd65681f3be4a85118d4bc75c961e82dc6d319c6a2b1a7a39533732fe7c5d152ea978e0dd62c1ea520eb62c9322eaed82ca5588495fa1465f71555

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\jedi\third_party\django-stubs\django-stubs\core\mail\backends\console.pyi

Filesize
103B

MD5
7f6526c1bbcb2aa7ba6a8cde268765bc

SHA1
cfc87c1fd110239d47886e0c5ebcad54bd453bbe

SHA256
ae9de027f591acfedc0ba387099c4398c0841a9c126535d313ffbdb18184eea0

SHA512
3c6f26b5f0ab2bc22e72e116ffe28624e5d971a86b9d85e5f733844827e784b8349c46fa46ca5390bc972607b7fb5b37a6fb47b410e105f02b147dfe77a737c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\jedi\third_party\typeshed\stdlib\2\ntpath.pyi

Filesize
2KB

MD5
85d6a21f1a4f58f9e3ffbeb89cf82345

SHA1
db8ae818a67210b61b2a538d49b608825de04a31

SHA256
ba96ee35c718a0964e11e6ae5d5b9e800b9350cafd2ec0d9e84d1cf4f0ac2702

SHA512
995047f50de368444bad3fedb2c5b7f8efa807cdd35bb3647b1223897e4d27a94f93a48b0b12fc9121281f4f447632edf878dc54268716b67ecfb28a388c744f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\jedi\third_party\typeshed\stdlib\2and3\xml\dom\expatbuilder.pyi

Filesize
77B

MD5
0244548e1dba18ff5c58d98bcc50b931

SHA1
37494fb84b8b2a811e2cfa2be49477ce29138af7

SHA256
c08fdebb51bcc9a6aab911e667d9984608f2e3334d8490b7f394e348ca1a9918

SHA512
a88c7f3fad1047e18794184f33787b68e9c3260d47d68e6f519d99143b928aa97fcd1ebcc3b730f0c23eabb303352ba3cf9263b16e7c9f276f9108ed616a567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\jedi\third_party\typeshed\stdlib\3\os\path.pyi

Filesize
4KB

MD5
d6525de34375179d12889a176a91255d

SHA1
8e01efdd8a61008d775058bfdc084066d7f27047

SHA256
3191b9b9c4fb744bc025816c24737b48733616bb383727f778b9ba56a854017d

SHA512
53feeee1aeacc39818e80d521a0004acd943f1b0870d7ad85d9a1919b62377dab5cb22a456f92eed101b55975636315bb6d3ac68e0dc1d3ec675acdda622ce4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\jedi\third_party\typeshed\third_party\3\six\moves\CGIHTTPServer.pyi

Filesize
26B

MD5
59c113ba8da07ed8b8cf1d9fa0cb0a08

SHA1
b29c918fa7f8eb1f29f0a940f7bc3473d1f5d5e1

SHA256
bed05425469b4eb2152bdec29f43212d48474a56e61c1f10810956c1a747fbac

SHA512
98a1b860fb715c34568ec9247df52f480fd5fa72eac8c3b34954bfc2b35fb4b0bf73ea421950a9c027a20fc364207bf930edff3033490acf4011098afbe098e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\parso\python\grammar310.txt

Filesize
7KB

MD5
663bd8e6c3008a6849caeb04b084aed8

SHA1
bf5f44f35aa2e1649c780e87a779da4a97adae0b

SHA256
4305da1ea25c27fce08bd14001b76fd54fe42a0724bbd5168c76680a56eda5be

SHA512
7a61aa2176d1fe366eddf6e6c1ba87185790ec375a9a430038b618e382030b369fb67862c735191e3622f522f6760337e97e700ff40629b76d8c505beb174826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi

Filesize
63B

MD5
84a27291937d76e46b277653002601f2

SHA1
fe60efb40aeeee2998bb07245d4f9571ad08825f

SHA256
ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe

SHA512
e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\python310.dll

Filesize
1.4MB

MD5
67bf2aa23063b48b502ac7dcf3f7cdaf

SHA1
0a9157a219dc6811c9db103764b1addfc336d651

SHA256
1d416a171c6c152e8c2bfcf9137065650291ec767d087c6626e72dd5d3b361f3

SHA512
e48af648be7345d2374b684c9c778ce5d60a89ea96d9266f7af9ab28fb9cf453159945d923e74015845661d40f9c4ca16e84659b18834165e454610cb60aa534

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\setuptools-68.1.2.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\ucrtbase.dll

Filesize
1.1MB

MD5
a48348dec40d63a4dd77de952344f1c7

SHA1
a92bf2cddfdba52b663c39f16b94f08324403d1d

SHA256
1c502e581d72edbd2fbdbdb2fe21077c3c3a46a7549585960a85fdb93c612295

SHA512
763b0e4013a37d4dbbd472a1c5a6b4a6f56c2cc35abd68db2a0ed71eba240ed28addd41380f85b0762355fb11420d6963c1a042e1f231364532b33083a7ae736

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
b6e10e946a9ffe298894b24155548a1e

SHA1
d897a5f8f94dfbafb8ec0710c0dedb17da10c06b

SHA256
d94f51335c1f7aaaf454dbfcce422684ea48802fa3945aa9c50950a1fd55c4e7

SHA512
f51358456a6e4ea45edb4b4df431c6c5dd8d75016820b11728fbce9061fc416dc259832b1791af3d730001c8deb7e6927385f871d564307219b245907a4c8919

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
94b256ae14a2a6ddbdb4dfb63fe4d30f

SHA1
7b28d8f1f5aa4af9c441182240c9816352468f3e

SHA256
c3e98b8663ab64fdcb2111a5174967f46b49e399c9e98083a18b4defd53f806c

SHA512
bd271eac8df6dd79be135f8e04bc08b00474cddc8cb06ad59a9715842f6c05e5dcf4b0c05e241309a940b882369bc19bc9eb38580221f62bba7e06cc39b1cfa6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
90e7f757acd89e70b45e7481bab6afbe

SHA1
493069d3f582aa9d90a7fd90c5c86a8a6a78cd86

SHA256
ccc6a3980b5c29005d74f7d5d96eb64f072e182f7bd626013a09cb99f69f7b13

SHA512
6c80a27badc8b26859a70665ce5db024d5dd5a67acf18af93efaf667fa6ac7a497a5805972b024447988f6b64f04bad1ac824e3fb2ebfe62f8e8c07051110461

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
177f2560d03ed5d87edd2d6af76bc4fd

SHA1
448ca149f314709aab2e7f950dde6a467e746c10

SHA256
ff3ba56841b02443f428e2715de19f9d655b22ecbbae940b140ac765a69b62f1

SHA512
f68becc6a4ceadfa91515f1b00c0538f8c2697f9d28684d7b5df8b47f5529dd10c33ec0955b50e3830a12cd70f3602e0df1ddfec79fb3f531c11df1425848573

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
cbc9d46f3e0ce512b5ff3a8b2f6f4689

SHA1
adb2c17b73200f6d1a35dea6faa68691ed43f6bb

SHA256
8ef41ef713f3ce6159b667dfe875743633922ab282b4a8fbb6626429f61ed6c5

SHA512
b32429041fffb1e9242f3dc4c755a97dbc1d5a354cded3e9b09cea1a94fabc9b45c8f31e15300e1b9f3bf7acbc369063c555d0f6f5ac8860ee06323b06132737

Download Submit
memory/1644-2352-0x000007FEF67C0000-0x000007FEF6C2E000-memory.dmp

Filesize
4.4MB

Download
memory/1776-6502-0x000007FEF67C0000-0x000007FEF6C2E000-memory.dmp

Filesize
4.4MB

Download