055caaefde69b8f954e521098a68cd9116aedcef04d8a37d87d90e9317bef79f

Resubmissions

29-05-2023 14:56

230529-sa5ejacg6z 7

22-05-2023 06:48

230522-hlan7ahd7t 7

22-05-2023 04:12

230522-eswnfsea36 7

Analysis

max time kernel
24s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29-05-2023 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe
Size

126.5MB
MD5

1430291f2db13c3d94181ada91681408
SHA1

8b4595c5122b54eb6fa1175ad18d9ff1cc0131cb
SHA256

055caaefde69b8f954e521098a68cd9116aedcef04d8a37d87d90e9317bef79f
SHA512

43fc3b1a75409edc99ad030dce109cd18b77a710dc58e36f91ec0fd23dcdf673c1a2ff0b81fdf52fa8dce6c901c7c479acb1c2b68e210abd454398ff5769f487
SSDEEP

3145728:ohb6pCypWeoG5wJO20Awe4mCkU9Zt4zbiV9bi4i2dFwkAM:oJvyNwJO2DwelCkUrKsb7i2dv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
908	smartpss.exe

Loads dropped DLL 9 IoCs

pid	Process
1148	Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 6 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000014123-56.dat	nsis_installer_1
behavioral2/files/0x0007000000014123-56.dat	nsis_installer_2
behavioral2/files/0x0007000000014123-60.dat	nsis_installer_1
behavioral2/files/0x0007000000014123-60.dat	nsis_installer_2
behavioral2/files/0x0007000000014123-62.dat	nsis_installer_1
behavioral2/files/0x0007000000014123-62.dat	nsis_installer_2

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
2024	SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2024	1148	Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe	28
PID 1148 wrote to memory of 2024	1148	Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe	28
PID 1148 wrote to memory of 2024	1148	Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe	28
PID 1148 wrote to memory of 2024	1148	Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe	28

C:\Users\Admin\AppData\Local\Temp\Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe
"C:\Users\Admin\AppData\Local\Temp\Malicious-SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General-v1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1148
- C:\PROGRAMDATA\SMARTPSS-Win32_ChnEng_IS\SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe
  "C:\PROGRAMDATA\SMARTPSS-Win32_ChnEng_IS\SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\PROGRAMDATA\SMARTPSS-Win32_ChnEng_IS\smartpss.exe
  "C:\PROGRAMDATA\SMARTPSS-Win32_ChnEng_IS\smartpss.exe" http://sdoc.xyz/ID-508260156241
  2⤵
  - Executes dropped EXE
  PID:908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRAMDATA\SMARTPSS-Win32_ChnEng_IS\SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe

Filesize
126.9MB

MD5
b540b8a341c20dced4bad4e568b4cbf9

SHA1
9a9742f9465375de68386c73b5386d54f25b5353

SHA256
bfc7b4a2923415ebe1fe910a0e1c25bdf501309f3c0857f5b0d6fd5d67d25c72

SHA512
9a5d30e40fc16e1a8ce1edb6e8a5d74cb1c5fa1c5cdb6387e93133e1873e634f0f94960a889cf60869304ba99ce510657eada4756dd1e9f6f6d4cc3664563629

Download Submit
C:\ProgramData\SMARTPSS-Win32_ChnEng_IS\SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe

Filesize
126.9MB

MD5
b540b8a341c20dced4bad4e568b4cbf9

SHA1
9a9742f9465375de68386c73b5386d54f25b5353

SHA256
bfc7b4a2923415ebe1fe910a0e1c25bdf501309f3c0857f5b0d6fd5d67d25c72

SHA512
9a5d30e40fc16e1a8ce1edb6e8a5d74cb1c5fa1c5cdb6387e93133e1873e634f0f94960a889cf60869304ba99ce510657eada4756dd1e9f6f6d4cc3664563629

Download Submit
C:\ProgramData\SMARTPSS-Win32_ChnEng_IS\smartpss.exe

Filesize
14KB

MD5
c180f493ce2e609c92f4a66de9f02ed6

SHA1
32c1df3ffcd43fc89f85a9b015b1a5f2dca80c3b

SHA256
08fd7041d005ab8c21e4e744759489ce9ef3cf2ed75e504553a7273df9eb0fe3

SHA512
29a14cb50ebbb0381a275521040af2d8db949f95e94f814a116eed67937f0f3199e989f19d93bd78e982c9ca0a6a5955b4f33241df6f10dd16c54c7db458c76f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\LangStr_en.ini

Filesize
4KB

MD5
95c41687b134704a69210ee8ccc5d523

SHA1
06b50d05cc665a6a501c4f2e015a77a0f74081ff

SHA256
a5344c220305c598fb13dfac6fdf85c7f7dbc9e8fef849df8c7a778d62c8ce05

SHA512
2247b2df2b4d180d91a6fa6a3f06a501e357422b875f1f6066ae8cba1a9bb431a8dc91d9e555f8d18e38c90bc9a1cb5ea6ac260d8697f52c258e822f17488448

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\LangStr_es.ini

Filesize
4KB

MD5
bb0eee891dc159c17462c22f6857a434

SHA1
e7296808204a46d10aa9c6884fcf92676248a848

SHA256
c521da3c0222b31c1d91ebb45e28045ede7c11b7b168e613dee97eef055fb191

SHA512
bb26749a3a90ed6130321c3013063ca85773beb1cd324392f6afd382476535b50cbeafcf49bb23621887a47f46f705b4e49e87940770d283f8dd1319968b6ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\Slide 05.jpg

Filesize
13KB

MD5
504067de4f6f63bb720d829d9538c29a

SHA1
01939c763f7ba5562adfac5b9684f7237233e626

SHA256
1351a8e4a54cd6c1d959c3b61537a31bd792aaf41682be0e59ed714130ae7a4d

SHA512
2fe0fa4fc60a5c2706b00f8da236fbc5f8aa869bfc897f64841a99623763b6286ad354d0f0d405c7f3ccc41480b73f2a8a358f05605b86c8a77fa8a1d59bad2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\licenseEN.rtf

Filesize
63KB

MD5
e6e36d4f5d374e08336bcc218e56df57

SHA1
9f9fdc1685832a8c183fcf7dce06d69c7cce68e8

SHA256
c4b8c123e131b50a3086cd7c65acc94b3b73be9859951ff3dffec2fe106165a4

SHA512
8c75437ba58a9a6c7bbef13b21df90d24ac15ac1f73daab6eae85df68eb6f5bb439132f24c69f63b6cca4c75b39e083aee0bfadbcc436d22e82cde70a592f83f

Download Submit
\ProgramData\SMARTPSS-Win32_ChnEng_IS\SMARTPSS-Win32_ChnEng_IS_V2.002.0000007.0.R.181023-General.exe

Filesize
126.9MB

MD5
b540b8a341c20dced4bad4e568b4cbf9

SHA1
9a9742f9465375de68386c73b5386d54f25b5353

SHA256
bfc7b4a2923415ebe1fe910a0e1c25bdf501309f3c0857f5b0d6fd5d67d25c72

SHA512
9a5d30e40fc16e1a8ce1edb6e8a5d74cb1c5fa1c5cdb6387e93133e1873e634f0f94960a889cf60869304ba99ce510657eada4756dd1e9f6f6d4cc3664563629

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\ButtonEvent.dll

Filesize
4KB

MD5
fad9d09fc0267e8513b8628e767b2604

SHA1
bea76a7621c07b30ed90bedef4d608a5b9e15300

SHA256
5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2

SHA512
b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\SkinBtn.dll

Filesize
4KB

MD5
e4ec95271ff1bcebab49bdfed6817a22

SHA1
2c03e97f4773aea80ecdb98a1482e5896fe4677b

SHA256
ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6

SHA512
771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\WndProc.dll

Filesize
3KB

MD5
f0cb331dd4bd92a6ebce45e7cd1cf5ef

SHA1
b66ea0c10b08750295f2dc7c170b370402393214

SHA256
e7b3115fa2ce4a8fa09beeefa4fb634a474197f38a2854ce9be60d0a26016458

SHA512
7c33418f39b91ae0d4cc8b560f516bac293593eef539832815028878c2058bf1691c2d767a039cf312989839071f2f6f0b6d9d59835acdfff6b448bf1ffea271

Download Submit
\Users\Admin\AppData\Local\Temp\nst4EBE.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
memory/2024-220-0x00000000004E0000-0x00000000004EB000-memory.dmp

Filesize
44KB

Download
memory/2024-254-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download