Resubmissions

03-07-2023 18:01

230703-wlzj7sah3w 7

03-07-2023 17:59

230703-wkw3pahe28 7

Analysis

  • max time kernel
    75s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-07-2023 17:59

General

  • Target

    spsetup132.exe

  • Size

    8.6MB

  • MD5

    2e57838af780fba75f9085a67cde99e4

  • SHA1

    8070b4e5c50a4a981f6dcf78ffd424c065182b09

  • SHA256

    0a9e739910578192e2ad3f8f805a863d5cbcacbc38cde6488d7bbef5395dba87

  • SHA512

    84d58581d306c568db4ce572c509f69751932fe9293218f531e4d92951dd7d804756aeca8ede459c0a634e6f140fd9455693955325739657b5699d5d48d0ce63

  • SSDEEP

    196608:FuYr1j0wlfy/tycs/bZ6ctLCyoZcmtZs47ctad+UK7HZDLtHw57I:FuYr5ik/TtLCfXOad+/ZHs7I

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\spsetup132.exe
    "C:\Users\Admin\AppData\Local\Temp\spsetup132.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2100

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsj126B.tmp\System.dll

    Filesize

    11KB

    MD5

    41a3c964232edd2d7d5edea53e8245cd

    SHA1

    76d7e1fbf15cc3da4dd63a063d6ab2f0868a2206

    SHA256

    8b65fec615c7b371c23f8f7f344b12dc5085e40a556f96db318ed757494d62d5

    SHA512

    fa16bd9d020602e3065afd5c0638bc37775b40eb18bfa33b4ca5babcc3e6f112ae7d43457a6e9685ddbe6e94b954a1dc43d1da7af9ca7464019a3f110af549c1

  • C:\Users\Admin\AppData\Local\Temp\nsj126B.tmp\g\gcapi_dll.dll

    Filesize

    348KB

    MD5

    2973af8515effd0a3bfc7a43b03b3fcc

    SHA1

    4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    SHA256

    d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    SHA512

    b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

  • C:\Users\Admin\AppData\Local\Temp\nsj126B.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    2aba8f16eca82517460013a3de7cbf67

    SHA1

    3812192fa7b873f426c4b0d0d822b3c9d51aa164

    SHA256

    60b85fad2477b8c0138067be3697290b280b9334cf408cb57894e3baae615d0d

    SHA512

    4e059f70ef420c22d69199557ff3eab9e51fcefc75d220b057f1508f9566cd6251f9e06a8fe3695bf7d913ebabd2519ce52f485f2de9a5e4ab3ebc553b877fb0

  • C:\Users\Admin\AppData\Local\Temp\nsj126B.tmp\ui\pfUI.dll

    Filesize

    13.6MB

    MD5

    1bfa036321fcb209564549538345a289

    SHA1

    8ede722a5cc6135847ad5276f30143022fa7bacf

    SHA256

    547e48f35a1c38362cfa71a3ffe1b81cc8d61eb204157828e2ec58a80f3e4b2e

    SHA512

    9729cc5ca18dbd58b516169de053d50e0df9288fc2d91cbbbd887573fe006c5f506789f23a09a73dfcf75fa71b9cff88e0f59da550263d877939be8c4f996d92

  • C:\Users\Admin\AppData\Local\Temp\nsj126B.tmp\ui\res\PF_logo.png

    Filesize

    3KB

    MD5

    079cca30760cca3c01863b6b96e87848

    SHA1

    98c2ca01f248bc61817db7e5faea4a3d8310db50

    SHA256

    8dd37d3721e25c32c5bf878b6dba9e61d04b7ce8aec45bdf703a41bc41802dfa

    SHA512

    3e25c10e3a5830584c608b9178ab062e93e0e9009a7d897bb5e3561180b0b0910bd4178063d982eb33806a005c93931ae2ec5be520ec0d0c9a7c452cb78fd6a8

  • C:\Users\Admin\AppData\Local\Temp\nsj126B.tmp\ui\res\SP_computer.png

    Filesize

    66KB

    MD5

    873b7c34ced38adaa2d01752099c09df

    SHA1

    e659d094f6e3fe6f71a3f1b047b75206bab168a0

    SHA256

    aced6376065f2c71b4b619823f735bbdcac967a5113cd4e6b978298a58c927c9

    SHA512

    a8d54d52bb5ec4502cd4bb829eef23c1b2edff9daeeca0f4fb7dbaa0cabdcac763a60aedc8393ba12a393a8263a5c06d3555d7b165cf9927dd9cc18d68b9e510

  • C:\Users\Admin\AppData\Local\Temp\nsj126B.tmp\ui\res\Speccy_Logo_72px.png

    Filesize

    8KB

    MD5

    1787175d95eab213cf5a8bc25e252676

    SHA1

    1d4bd97b2bcaabd26f2ef7781b91233575e1ba0f

    SHA256

    65fa6baa9d140251d04069cf538f3262ebbb0e4e62d58d06cc58ad8b22085a83

    SHA512

    de1df226bb9bf84305aea43c237ea76937a9df0c56ecd9afeee1920c3f4d600fde0cc0c027ca397fb6067ffb1a7fe8c03496d82ed844bb4f47f32b2b30eda52f

  • \Users\Admin\AppData\Local\Temp\nsj126B.tmp\System.dll

    Filesize

    11KB

    MD5

    41a3c964232edd2d7d5edea53e8245cd

    SHA1

    76d7e1fbf15cc3da4dd63a063d6ab2f0868a2206

    SHA256

    8b65fec615c7b371c23f8f7f344b12dc5085e40a556f96db318ed757494d62d5

    SHA512

    fa16bd9d020602e3065afd5c0638bc37775b40eb18bfa33b4ca5babcc3e6f112ae7d43457a6e9685ddbe6e94b954a1dc43d1da7af9ca7464019a3f110af549c1

  • \Users\Admin\AppData\Local\Temp\nsj126B.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    c1f778a6d65178d34bde4206161a98e0

    SHA1

    29719fffef1ab6fe2df47e5ed258a5e3b3a11cfc

    SHA256

    9caf7a78f750713180cf64d18967a2b803b5580e636e59279dcaaf18ba0daa87

    SHA512

    9c3cf25cf43f85a5f9c9ed555f12f3626ef9daeeedd4d366ada58748ead1f6e279fea977c76ae8bae1dc49bfd852e899cb137c4a006c13e9fcebf6e5e2926a4d

  • \Users\Admin\AppData\Local\Temp\nsj126B.tmp\g\gcapi_dll.dll

    Filesize

    348KB

    MD5

    2973af8515effd0a3bfc7a43b03b3fcc

    SHA1

    4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    SHA256

    d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    SHA512

    b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

  • \Users\Admin\AppData\Local\Temp\nsj126B.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    2aba8f16eca82517460013a3de7cbf67

    SHA1

    3812192fa7b873f426c4b0d0d822b3c9d51aa164

    SHA256

    60b85fad2477b8c0138067be3697290b280b9334cf408cb57894e3baae615d0d

    SHA512

    4e059f70ef420c22d69199557ff3eab9e51fcefc75d220b057f1508f9566cd6251f9e06a8fe3695bf7d913ebabd2519ce52f485f2de9a5e4ab3ebc553b877fb0

  • \Users\Admin\AppData\Local\Temp\nsj126B.tmp\ui\pfUI.dll

    Filesize

    13.6MB

    MD5

    1bfa036321fcb209564549538345a289

    SHA1

    8ede722a5cc6135847ad5276f30143022fa7bacf

    SHA256

    547e48f35a1c38362cfa71a3ffe1b81cc8d61eb204157828e2ec58a80f3e4b2e

    SHA512

    9729cc5ca18dbd58b516169de053d50e0df9288fc2d91cbbbd887573fe006c5f506789f23a09a73dfcf75fa71b9cff88e0f59da550263d877939be8c4f996d92

  • memory/2100-149-0x0000000002FF0000-0x0000000002FF1000-memory.dmp

    Filesize

    4KB