Overview

overview

7

Static

static

3

GoodGirl.exe

windows11-21h2-x64

7

Resubmissions

09/05/2025, 20:32

250509-zbkj3sbn9w 7

08/05/2025, 08:53

250508-ktnxwsskv3 7

Analysis

  • max time kernel
    53s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64arch:x86image:win11-20250502-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08/05/2025, 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GoodGirl.exe

  • Size

    28.8MB

  • MD5

    b51cf93ed17768f7a5462042a7a8262a

  • SHA1

    538813357cfc69c0c633c777a6b558d3b30418a2

  • SHA256

    48c5c320db86ee2eaa7420a28c27205e2318489f04cec23e67f9c784426bb5e6

  • SHA512

    dda7c9a0fdbf7de1c3ef5740e581196dadc40b87f75acd21ded492ca0c068dc32ca6446428a0e651e1bb879fe0e71a7e33336b6868d3741946c5ea21522eb746

  • SSDEEP

    786432:Jm6WYkJ/cccerNmc8QxF9NDjOethz/ENbToDKfN:JmFzJ5cerNXlNDjOWE

Score
7/10
ransomware

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 23 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GoodGirl.exe
    "C:\Users\Admin\AppData\Local\Temp\GoodGirl.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:428
    • C:\Users\Admin\AppData\Local\Temp\GoodGirl.exe
      "C:\Users\Admin\AppData\Local\Temp\GoodGirl.exe"
      2⤵
      • Loads dropped DLL
      • Sets desktop wallpaper using registry
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2112
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\_MEI4282\media\video.mp4"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1500
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2964
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3652

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\VCRUNTIME140.dll
    Filesize

    117KB

    MD5

    32da96115c9d783a0769312c0482a62d

    SHA1

    2ea840a5faa87a2fe8d7e5cb4367f2418077d66b

    SHA256

    052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4

    SHA512

    616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\VCRUNTIME140_1.dll
    Filesize

    48KB

    MD5

    c0c0b4c611561f94798b62eb43097722

    SHA1

    523f515eed3af6d50e57a3eaeb906f4ccc1865fe

    SHA256

    6a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8

    SHA512

    35db454dbcc7ed89842c0440b92ce0b0b0db41dbd5432a36a0b7e1eddf51704b1f0d6cff5e3a3b0c3ff5db3d8632fed000471180ad72e39d8dbe68a757ccdfb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_bz2.pyd
    Filesize

    83KB

    MD5

    684d656aada9f7d74f5a5bdcf16d0edb

    SHA1

    f7586da90d101b5ee3fa24f131ee93ab89606919

    SHA256

    449058efc99fccb9e24d640084d845c78f3f86dd34c5c126cf69e523d6320d75

    SHA512

    27fb2eca382675316fb96d18a1aa6b2792077481bf899cbcc658d71f787876045c05c98abf129c9670b6a1d2654d57f59e17580139fa7f482ec27234e44d4235

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_ctypes.pyd
    Filesize

    130KB

    MD5

    29873384e13b0a78ee9857604161514b

    SHA1

    110f60f74b06b3972acd5908937a40e078636479

    SHA256

    5c0d5082fba1a2a3eb8d5e23073be25164c19f21304b09cecaab340dc7198815

    SHA512

    ca826ff5403700e6d8822634e364e43b14ef829095d8fe365b49731236f696fe86ffa3853cd1801dc3b7800d005a032fe23bbc25befe3952ef37790d56dee3c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_decimal.pyd
    Filesize

    273KB

    MD5

    21fcb8e3d4310346a5dc1a216e7e23ca

    SHA1

    aab11aef9075715733e0fcde9668c6a51654b9e1

    SHA256

    4e27c06b84401039d10f800a0f06446b58508784ee366c7c8324d8fe9794e1a5

    SHA512

    c064550d1723e92512a42ce367ecef9331a81121305d66199abce6e0977152d927f7223f475e22c67e3f64b0f612c5553f112d8ce653c666a98d1980d200a599

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_hashlib.pyd
    Filesize

    63KB

    MD5

    3e540ef568215561590df215801b0f59

    SHA1

    3b6db31a97115c10c33266cce8ff80463763c7e6

    SHA256

    52f29aebe9886e830dedc363cd64eb53b6830d84b26e14f1b6faa655a0900b5d

    SHA512

    21497a4d1d999a420ed0e146544f4149c72ad4aca4b869a0ee83267d92afa07609ece76a4e95ec706a21580d6544146d0a58c0baa01aa2c242474a4816108527

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_lzma.pyd
    Filesize

    155KB

    MD5

    d63e2e743ea103626d33b3c1d882f419

    SHA1

    af8a162b43f99b943d1c87c9a9e8088816263373

    SHA256

    48f16b587c6faa44a9e073365b19599200b0f0a0ccb70121e76c2dac4ed53281

    SHA512

    d3f1450b5def3c21f47c5133073e76d2ec05787eb6ae88bb70d3a34be84f6025540ac017e9415bb22ef36c2ffbfcea38a28842eefe366325f3d3cf2cca1a3cb1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_queue.pyd
    Filesize

    34KB

    MD5

    cc0f4a77ccfe39efc8019fa8b74c06d0

    SHA1

    77a713cd5880d5254dd0d1cbfe0d6a45dfc869ce

    SHA256

    af8ac8ab8b39f53b5dc192fbf58ad704a709db34e69753b97b83d087202e3a36

    SHA512

    ffea0bd7f73b6c02df6ff37ef39b8e54e480a4cc734fb149adc5c7410f445effd1fdd4f24e4619f7158913a50c28cc73629524d1a7389101a75257d5652c7823

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_socket.pyd
    Filesize

    83KB

    MD5

    566cb4d39b700c19dbd7175bd4f2b649

    SHA1

    bede896259b6d52d538c2182aef87c334fc9c73c

    SHA256

    bced17d6f081d81ea7cd92f1e071e38f8840e61ee0fe1524221b776bcfa78650

    SHA512

    6a26fd59e2c2ec34b673ef257a00d5577f52286d78525d05efc8a88760fb575be65c3e94e83396f4978c8734b513afe7f09d3c49474169144f98add406530367

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\_wmi.pyd
    Filesize

    38KB

    MD5

    47e6fd132f44a4feb595bd0fda3c4e1c

    SHA1

    37c6c2c1ff309db7273afc9324a37b716c5cbfdb

    SHA256

    ebd252d21af9c84128fca04c994093a5bd6ee857f1581f06f4026fdd6a2c40e0

    SHA512

    69c031d4ff2dac70739f9c188fca3c6969304f22782adf5a9c0ca303a3a712630541bda888ef25d3252b46d43df56f6e7e03c83d331840088c4224d1a1a512c4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\base_library.zip
    Filesize

    1.3MB

    MD5

    38c2b8dcdfd4b77c796b5c54a3edd5ed

    SHA1

    a47f74f28d76dfc2b7637f0165bbc8c24b0faa58

    SHA256

    39bfb783785f65c88d9b1c6f6d73565e85cdec615933982e9ed6a4cd503d326b

    SHA512

    6c191747e3f9e17ab41b0f5bba019b9da2da7e851aa3ed1116032fe1b081a954d5a470af006f614eaa41ec9e623d35ccb2c4ca3d7dca68021f7045f69d4858f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\libcrypto-3.dll
    Filesize

    5.0MB

    MD5

    ae5b2e9a3410839b31938f24b6fc5cd8

    SHA1

    9f9a14efc15c904f408a0d364d55a144427e4949

    SHA256

    ccfffddcd3defb8d899026298af9af43bc186130f8483d77e97c93233d5f27d7

    SHA512

    36ea760a7b56ea74174882155eddfb8726828240fcfc6b34d90ecdb7e50a7e632374dcbc9b2889081c0973cc51f50967e7d692498c4abd1f2cba3f7fe8d659cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\libffi-8.dll
    Filesize

    38KB

    MD5

    0f8e4992ca92baaf54cc0b43aaccce21

    SHA1

    c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

    SHA256

    eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

    SHA512

    6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\media\video.mp4
    Filesize

    21.8MB

    MD5

    87a5398ded8c9255853f84a4903db9ec

    SHA1

    7ade6695dadb41ccf8fc3154e316cbb22443d34f

    SHA256

    66d6ee1711ffabc6eefe3f48877d8876cc6afbc6f55bfbc77456979578fb254d

    SHA512

    41d57ef43ade3b6e2807df9d5f8ed52ccadf8db3d7ae0c166b03a233838c7a2d5d6cbafff944fbb9709f694c37ba87806603460b2d0933303796463d1760524f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\python313.dll
    Filesize

    5.8MB

    MD5

    7387fe038ea75eb9a57b054fccfe37bf

    SHA1

    5c532cbdfd718b5e80afb2ee8dea991e84757712

    SHA256

    69fd86ea29370697c203f7e12830084f920f490766a8e3045af52c036a9ad529

    SHA512

    c46c982b04079ed0b13617b81168598632d6c58d29e23fcbfa064b08e5836866b74880e1a9c01c12670531f13521a21177aafb10be0abb329a79291d7bff08bd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\select.pyd
    Filesize

    31KB

    MD5

    715a098175d3ca1c1da2dc5756b31860

    SHA1

    6b3ec06d679c48bfe4391535a822b58a02d79026

    SHA256

    6393121130a3e85d0f6562948024d8614c4c144b84ab102af711c638344d1599

    SHA512

    e92edb98427f594badec592493469d45deab3b71e4598d544d0b9a1acffd5327a19c09029fb79d70971cb0ed0dba56056bef8455534d3f16ec35eac723062f3c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI4282\unicodedata.pyd
    Filesize

    695KB

    MD5

    503b3ffa6a5bf45ab34d6d74352f206b

    SHA1

    cc13b85281e5d52413784e0b65a61b1d037c60cc

    SHA256

    071494856fdad0042964769aa2fb1de4ea95c2cfcbe27cc7132293c68d13d710

    SHA512

    d20b860974161caa60a62268968af353ad8063589f57d71f57c91855eb83da78f40bae7aa745cc7a945d92ebe08cf244c9560ae93449de45b20a8b8fff9f5010

    Download Submit

  • memory/1500-58-0x00007FFA4EAC0000-0x00007FFA4EADD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1500-70-0x00007FFA4E6E0000-0x00007FFA4E6F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1500-59-0x00007FFA4EAA0000-0x00007FFA4EAB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-61-0x00007FFA4EA50000-0x00007FFA4EA91000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1500-60-0x00007FFA3D6C0000-0x00007FFA3D8CB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1500-50-0x00007FF7A38A0000-0x00007FF7A3998000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1500-52-0x00007FFA3D010000-0x00007FFA3D2C6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1500-57-0x00007FFA4EAE0000-0x00007FFA4EAF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-56-0x00007FFA4EB00000-0x00007FFA4EB17000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1500-55-0x00007FFA4EB20000-0x00007FFA4EB31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-72-0x00007FFA3CD70000-0x00007FFA3CDD7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1500-75-0x00007FFA3BB30000-0x00007FFA3BB87000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1500-74-0x00007FFA4E690000-0x00007FFA4E6A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-73-0x00007FFA3CCF0000-0x00007FFA3CD6C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1500-71-0x00007FFA4E6B0000-0x00007FFA4E6E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1500-51-0x00007FFA4EF70000-0x00007FFA4EFA4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1500-69-0x00007FFA4E700000-0x00007FFA4E711000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-68-0x00007FFA4E720000-0x00007FFA4E73B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1500-62-0x00007FFA3BB90000-0x00007FFA3CC40000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1500-67-0x00007FFA4E740000-0x00007FFA4E751000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-66-0x00007FFA4E760000-0x00007FFA4E771000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-65-0x00007FFA4E780000-0x00007FFA4E791000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1500-64-0x00007FFA4E7A0000-0x00007FFA4E7B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1500-63-0x00007FFA4E7C0000-0x00007FFA4E7E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1500-54-0x00007FFA4EF50000-0x00007FFA4EF67000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1500-53-0x00007FFA4F2D0000-0x00007FFA4F2E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1500-76-0x000001DEB0910000-0x000001DEB217F000-memory.dmp

    Filesize

    24.4MB

    Download

  • memory/1500-79-0x00007FFA3D010000-0x00007FFA3D2C6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1500-89-0x00007FFA3BB90000-0x00007FFA3CC40000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1500-106-0x00007FFA3D010000-0x00007FFA3D2C6000-memory.dmp

    Filesize

    2.7MB

    Download
OSZAR »