7990ead0af35217f76fc588032b8ad1b83ec3c5b5f71992adebc35ade68e765a

Analysis

max time kernel
140s
max time network
125s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
04/07/2023, 18:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Malicious7990ead0af35217f.exe
Size

104KB
MD5

d6568fbeec1e43b02bae1513ac5fbaa1
SHA1

fef67aabc39de6de78f16c85eee26338f804634e
SHA256

7990ead0af35217f76fc588032b8ad1b83ec3c5b5f71992adebc35ade68e765a
SHA512

40e08531d1920b862cecf5f18709e1c51bb56e0a65af2f99cce53f82ab6a7ee4893cadca60a0b472041a2946600969bc65f6815eb6fb177566459d02f2e84dc0
SSDEEP

1536:HVdePelp2Xy+tuQOzOYE5aXPnZ2qjiauD0QVPgK/evgo94CwF8MgiKopZ4Gph:QweqOYEUXPnjiaurV4g84CniKopZdph

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2224	flvdownloader_setup.exe

Loads dropped DLL 16 IoCs

pid	Process
2320	Malicious7990ead0af35217f.exe
2320	Malicious7990ead0af35217f.exe
2320	Malicious7990ead0af35217f.exe
2320	Malicious7990ead0af35217f.exe
2320	Malicious7990ead0af35217f.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe
2224	flvdownloader_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2224	flvdownloader_setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2224	2320	Malicious7990ead0af35217f.exe	28
PID 2320 wrote to memory of 2224	2320	Malicious7990ead0af35217f.exe	28
PID 2320 wrote to memory of 2224	2320	Malicious7990ead0af35217f.exe	28
PID 2320 wrote to memory of 2224	2320	Malicious7990ead0af35217f.exe	28
PID 2320 wrote to memory of 2224	2320	Malicious7990ead0af35217f.exe	28
PID 2320 wrote to memory of 2224	2320	Malicious7990ead0af35217f.exe	28
PID 2320 wrote to memory of 2224	2320	Malicious7990ead0af35217f.exe	28

C:\Users\Admin\AppData\Local\Temp\Malicious7990ead0af35217f.exe
"C:\Users\Admin\AppData\Local\Temp\Malicious7990ead0af35217f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\flvdownloader_setup.exe
  C:\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\flvdownloader_setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\flvdownloader_setup.exe

Filesize
9.7MB

MD5
64557faed07884e67550ea5bdd9ff1b9

SHA1
f0a43f5dbcb6de59f82cf75ae59b0c44a6ab965d

SHA256
3fa979f486901aad03a0799f19a4f0cc594f3e2802525adc36b5c2b2cb382cd8

SHA512
864a805b46baaa8c1c1a27747abf0f795c48166291f3f5d4efab9f998ea9aa35afb2da9cfaa05b4a31369975a76633d72c27b658f99aff9647cfe2f5fff88df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\flvdownloader_setup.exe

Filesize
9.7MB

MD5
64557faed07884e67550ea5bdd9ff1b9

SHA1
f0a43f5dbcb6de59f82cf75ae59b0c44a6ab965d

SHA256
3fa979f486901aad03a0799f19a4f0cc594f3e2802525adc36b5c2b2cb382cd8

SHA512
864a805b46baaa8c1c1a27747abf0f795c48166291f3f5d4efab9f998ea9aa35afb2da9cfaa05b4a31369975a76633d72c27b658f99aff9647cfe2f5fff88df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISHelper.dll

Filesize
263KB

MD5
72cc5b9b61e6b0e6c0db9ba2c7a6725f

SHA1
2866f846909a44c9cadb7ad1862a2a9b05bfb0a6

SHA256
25983435ceebae8f64f7da60d768ea8bf894e90b8cffabfb12eb423a72b83bb4

SHA512
5074129f58b68dbf97500bf7a6597b7fd75a52641d218fc789fe052c1a395c6e12c27a40c5350024f09a85d2fc430af10738b530c2e28217b6fe4be5f138e0e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst458B.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\flvdownloader_setup.exe

Filesize
9.7MB

MD5
64557faed07884e67550ea5bdd9ff1b9

SHA1
f0a43f5dbcb6de59f82cf75ae59b0c44a6ab965d

SHA256
3fa979f486901aad03a0799f19a4f0cc594f3e2802525adc36b5c2b2cb382cd8

SHA512
864a805b46baaa8c1c1a27747abf0f795c48166291f3f5d4efab9f998ea9aa35afb2da9cfaa05b4a31369975a76633d72c27b658f99aff9647cfe2f5fff88df8

Download Submit
\Users\Admin\AppData\Local\Temp\nst2FE9.tmp\inetcw.dll

Filesize
22KB

MD5
5b6759d98b6ed62f6f8d501fba6505fa

SHA1
f3a9d9e252faba24ff14a8d80e4786d66b20a717

SHA256
c97c576acddaa932188ff07f31999ba663b838d77a38eab5aed25553417f613f

SHA512
e2bafcdaff8af11efbc90d18fba30762f6054ed08836c4174bd054f5575c7252c8839077d025b3e0fbcc9a2237f47d33b770e0304d43a2616700b78a8dfde310

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISHelper.dll

Filesize
263KB

MD5
72cc5b9b61e6b0e6c0db9ba2c7a6725f

SHA1
2866f846909a44c9cadb7ad1862a2a9b05bfb0a6

SHA256
25983435ceebae8f64f7da60d768ea8bf894e90b8cffabfb12eb423a72b83bb4

SHA512
5074129f58b68dbf97500bf7a6597b7fd75a52641d218fc789fe052c1a395c6e12c27a40c5350024f09a85d2fc430af10738b530c2e28217b6fe4be5f138e0e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISHelper.dll

Filesize
263KB

MD5
72cc5b9b61e6b0e6c0db9ba2c7a6725f

SHA1
2866f846909a44c9cadb7ad1862a2a9b05bfb0a6

SHA256
25983435ceebae8f64f7da60d768ea8bf894e90b8cffabfb12eb423a72b83bb4

SHA512
5074129f58b68dbf97500bf7a6597b7fd75a52641d218fc789fe052c1a395c6e12c27a40c5350024f09a85d2fc430af10738b530c2e28217b6fe4be5f138e0e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISHelper.dll

Filesize
263KB

MD5
72cc5b9b61e6b0e6c0db9ba2c7a6725f

SHA1
2866f846909a44c9cadb7ad1862a2a9b05bfb0a6

SHA256
25983435ceebae8f64f7da60d768ea8bf894e90b8cffabfb12eb423a72b83bb4

SHA512
5074129f58b68dbf97500bf7a6597b7fd75a52641d218fc789fe052c1a395c6e12c27a40c5350024f09a85d2fc430af10738b530c2e28217b6fe4be5f138e0e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISHelper.dll

Filesize
263KB

MD5
72cc5b9b61e6b0e6c0db9ba2c7a6725f

SHA1
2866f846909a44c9cadb7ad1862a2a9b05bfb0a6

SHA256
25983435ceebae8f64f7da60d768ea8bf894e90b8cffabfb12eb423a72b83bb4

SHA512
5074129f58b68dbf97500bf7a6597b7fd75a52641d218fc789fe052c1a395c6e12c27a40c5350024f09a85d2fc430af10738b530c2e28217b6fe4be5f138e0e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISHelper.dll

Filesize
263KB

MD5
72cc5b9b61e6b0e6c0db9ba2c7a6725f

SHA1
2866f846909a44c9cadb7ad1862a2a9b05bfb0a6

SHA256
25983435ceebae8f64f7da60d768ea8bf894e90b8cffabfb12eb423a72b83bb4

SHA512
5074129f58b68dbf97500bf7a6597b7fd75a52641d218fc789fe052c1a395c6e12c27a40c5350024f09a85d2fc430af10738b530c2e28217b6fe4be5f138e0e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISHelper.dll

Filesize
263KB

MD5
72cc5b9b61e6b0e6c0db9ba2c7a6725f

SHA1
2866f846909a44c9cadb7ad1862a2a9b05bfb0a6

SHA256
25983435ceebae8f64f7da60d768ea8bf894e90b8cffabfb12eb423a72b83bb4

SHA512
5074129f58b68dbf97500bf7a6597b7fd75a52641d218fc789fe052c1a395c6e12c27a40c5350024f09a85d2fc430af10738b530c2e28217b6fe4be5f138e0e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nst458B.tmp\nsDialogs.dll

Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit