Resubmissions
29-06-2024 21:22  240629-z8cwhawfpd  10
29-06-2024 21:22  240629-z788bawfmh  10
29-06-2024 21:20  240629-z6qdtazdnl  5
29-06-2024 19:43  240629-ye94gaxgmk  10
Analysis
max time kernel: 19s
max time network: 19s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted: 29-06-2024 21:22
Static task
static1
Behavioral task
behavioral1
Sample
Gtool.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Gtool.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Gtool.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Gtool.exe
Resource
win11-20240508-en
General
Target: Gtool.exe
Size: 526KB
MD5: 25d66863ae6b40666fe4ea3031c00957
SHA1: 07408d2073032c8fa07a1e3f1613274039183ef9
SHA256: ffeabd18beabd0c0090ca6ff166e7f724ee80c120c602e46a4ce2e427887b762
SHA512: 03644f6de2da25939ec5b460f90d052718fce40f84d2d75788836a02d20f3352e967b6df80ddfd8b858f11af9ff9c08be419373f903063ee1aeb9a58385892a8
SSDEEP: 12288:PnUB23lHRG/X5maWsBZUXHgBEDwAW8WrlrpQy7lQ:PUE1H2JmaWs0CeFmZ
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid   pid_target  process       target process
1920  2556        WerFault.exe  Gtool.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes: Gtool.exe
description                       pid   process    target process
PID 2556 wrote to memory of 1920  2556  Gtool.exe  WerFault.exe
PID 2556 wrote to memory of 1920  2556  Gtool.exe  WerFault.exe
PID 2556 wrote to memory of 1920  2556  Gtool.exe  WerFault.exe
PID 2556 wrote to memory of 1920  2556  Gtool.exe  WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/2556-0-0x0000000000020000-0x0000000000021000-memory.dmp
Filesize: 4KB