Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/01/2025, 03:05

General

  • Target
    Gopidirit.exe
  • Size
    7.5MB
  • MD5
    dd749d83056ecb224b888d51a6748244
  • SHA1
    be2a4958e9fd52a0ca31a9b496e2d55900a79a10
  • SHA256
    553f70ff7e6aa1e1d9cc0452799b932dca7240fd3bfbd872fdeffdfd17c51704
  • SHA512
    16b89c511a49047a98f1b6894a8afc22d90092c86af60eaffb535bb98bdb7989d695057f2d09994d16f98a6077a9178dd76ed4d01982e1063196c78726c6091c
  • SSDEEP
    196608:0jwJiv+RneA0pkTheTFPYbhqyH40AW8WOOxSebUKGSwd:0nGOeh4wbhqyH4bWrOMXmSwd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Obfuscated with Agile.Net obfuscator (16 IoCs)
    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  • Suspicious use of NtSetInformationThreadHideFromDebugger (14 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Gopidirit.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Gopidirit.exe"
    PID: 2348
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\evb1D08.tmp
    Filesize: 1KB
    MD5: 05536a8959254cbc8c9c9bad8abbc89a
    SHA1: 5ac3ba35d844f88b44765c0a45d4440b9722c083
    SHA256: 1f278b45aa5291a6c162f9088cf737a77ad4266b21f15aa7d96b8187965bbab8
    SHA512: 5e9a7a4c77264bba48a978211494550cee7afc9624099eb0b899cd8e6a79c4ce8b8efaf598716038ba3b838f52427293dc19d90744b748974b494297aa9d2d73

  • C:\Users\Admin\AppData\Local\Temp\evb1F40.tmp
    Filesize: 1KB
    MD5: 04fb2d6d6813ffe1f14cb875f75bee89
    SHA1: b77c9bdac152ff0e36b4f9b2cf1bfcbc8c669f6d
    SHA256: f36b32e7d3993a50e78f63d29c14e82782f0b2e460408a2bd1d294f57b658b89
    SHA512: 6632f25e32d85d4e036655b00d164c6ee586e0bd6c428b1a328914bdec74bfbc00b1a43875defc9da4031cd959490c968095de77a309a767b97a2ef43609d2df

  • memory/2348-55-0x0000000026140000-0x0000000026166000-memory.dmp (Filesize: 152KB)
  • memory/2348-99-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-5-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-8-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-6-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-10-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-11-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-12-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-13-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-69-0x000000002A370000-0x000000002A378000-memory.dmp (Filesize: 32KB)
  • memory/2348-14-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-9-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-7-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-3-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-16-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-21-0x0000000005C10000-0x0000000005C56000-memory.dmp (Filesize: 280KB)
  • memory/2348-22-0x0000000005820000-0x000000000583A000-memory.dmp (Filesize: 104KB)
  • memory/2348-23-0x0000000006C30000-0x0000000006C52000-memory.dmp (Filesize: 136KB)
  • memory/2348-24-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-25-0x0000000023ED0000-0x0000000023FA2000-memory.dmp (Filesize: 840KB)
  • memory/2348-30-0x0000000006D20000-0x0000000006D6A000-memory.dmp (Filesize: 296KB)
  • memory/2348-35-0x0000000006CB0000-0x0000000006CD0000-memory.dmp (Filesize: 128KB)
  • memory/2348-40-0x0000000006CD0000-0x0000000006CEE000-memory.dmp (Filesize: 120KB)
  • memory/2348-45-0x0000000006CF0000-0x0000000006D0C000-memory.dmp (Filesize: 112KB)
  • memory/2348-50-0x00000000260E0000-0x000000002613A000-memory.dmp (Filesize: 360KB)
  • memory/2348-0-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-4-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-60-0x0000000026170000-0x000000002618E000-memory.dmp (Filesize: 120KB)
  • memory/2348-15-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-1-0x00007FF4C96D0000-0x00007FF4C9AA1000-memory.dmp (Filesize: 3.8MB)
  • memory/2348-72-0x0000000180000000-0x0000000180137000-memory.dmp (Filesize: 1.2MB)
  • memory/2348-75-0x0000000180000000-0x0000000180137000-memory.dmp (Filesize: 1.2MB)
  • memory/2348-80-0x0000000029270000-0x000000002927C000-memory.dmp (Filesize: 48KB)
  • memory/2348-81-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-82-0x00007FF4C96D0000-0x00007FF4C9AA1000-memory.dmp (Filesize: 3.8MB)
  • memory/2348-83-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-84-0x00007FFF4EF6D000-0x00007FFF4EF6E000-memory.dmp (Filesize: 4KB)
  • memory/2348-85-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-87-0x0000000180000000-0x0000000180137000-memory.dmp (Filesize: 1.2MB)
  • memory/2348-89-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-86-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-88-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-90-0x00007FFF4EED0000-0x00007FFF4F0C5000-memory.dmp (Filesize: 2.0MB)
  • memory/2348-91-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-93-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-95-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-97-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-100-0x0000000180000000-0x0000000180137000-memory.dmp (Filesize: 1.2MB)
  • memory/2348-2-0x00007FFF4EF6D000-0x00007FFF4EF6E000-memory.dmp (Filesize: 4KB)
  • memory/2348-101-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-103-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-105-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-107-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)
  • memory/2348-109-0x0000000000F50000-0x0000000002320000-memory.dmp (Filesize: 19.8MB)