Overview

overview

10

Static

static

3

NWwww#5.exe

windows7-x64

10

NWwww#5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2023 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NWwww#5.exe

  • Size

    1.6MB

  • MD5

    556c972a4792908bd1056880fbcf6fb8

  • SHA1

    2db1abd5f0a4037a9935d571c4ca7f8e8b4efc15

  • SHA256

    ac7a4330088e7a46a977714c404aad19d381262a3496be2f956ed868eba3b5f3

  • SHA512

    cb088ac596350be0265e1b5ac0f1f2103d28c2c090c3644862cef57cc89ad30a91309f881f3e74af9a2f86a68b65d7cca8915e006677a9347f19ef97993dac60

  • SSDEEP

    24576:4+l2sfHM0lcBAPwaUfJLdW43C5/f4UG4:/ERA03C5

Score
10/10
evasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Runs .reg file with regedit 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NWwww#5.exe
    "C:\Users\Admin\AppData\Local\Temp\NWwww#5.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Public\Downloads\hthlrpse.exe
      "C:\Users\Public\Downloads\hthlrpse.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2980
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c regedit /s C:\\Users\\Public\\Downloads\\uac.reg
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s C:\\Users\\Public\\Downloads\\uac.reg
        3⤵
        • UAC bypass
        • Runs .reg file with regedit
        PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Downloads\AndroidAssistHelper.dll
    Filesize

    152KB

    MD5

    f1ccfdd550f0144a80f2b0ea791e2f7a

    SHA1

    891dd45e0a495f46d92cc9437df54b3a361db967

    SHA256

    d69d9332a42141168061e6bde1f1316d528060f93b2583acf188b78f9c062548

    SHA512

    380c5bf672dc1f716c20a993f1a643cda7b87dd9f7cee09644e5d19d746e6de3b519668bc91397e83833d5a0d4144bae99cb577faa572424fcea3cc3fdca9e24

    Download Submit

  • C:\Users\Public\Downloads\CommonLib.dll
    Filesize

    1.9MB

    MD5

    8d2adb597a93331dfdf9c5a59962df62

    SHA1

    8b578724c2b2597b146e196c0c6436b177e097cb

    SHA256

    ace46ac7b326b1e7b9860b78ef5b78d4112005c9cdff960cf524f965efd95562

    SHA512

    0c5a58c913ab08ab8a017cfc600c73181520271facfeb10c2e0d8c275c17256d4153d450d19833d104b046194330f0a1f34877abc623976ae6bfa57137207b77

    Download Submit

  • C:\Users\Public\Downloads\LiveUpdate.db
    Filesize

    1KB

    MD5

    ca1ef50f4b8e67c8581b2c5abd1632cc

    SHA1

    7de6a98c2e44eb7c4eaf3b2fc950926df4eedc83

    SHA256

    fb84ec8f2e2a971835dcf0ab906856b79aa006cbfd68e0e01c3136d2ecfed69c

    SHA512

    25ba7b2c5101e84b4d6ff0f1e487d38d654354227d38de9bd1234ac9f10137b80f9d65eef3446df00b2fce1d4f457e26b36d555f297390d669584e55e590695e

    Download Submit

  • C:\Users\Public\Downloads\MSVCP120.dll
    Filesize

    444KB

    MD5

    fd5cabbe52272bd76007b68186ebaf00

    SHA1

    efd1e306c1092c17f6944cc6bf9a1bfad4d14613

    SHA256

    87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

    SHA512

    1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

    Download Submit

  • C:\Users\Public\Downloads\MSVCR120.dll
    Filesize

    948KB

    MD5

    034ccadc1c073e4216e9466b720f9849

    SHA1

    f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

    SHA256

    86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

    SHA512

    5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

    Download Submit

  • C:\Users\Public\Downloads\hthlrpse.exe
    Filesize

    48KB

    MD5

    6ef054605667e2af4d546a51cbddb2f1

    SHA1

    c935a683e8f1ab85ef719a07dcfff312f9ce3501

    SHA256

    e9c29f5c3347e1b2c3cd53a6a0d46fadb717d63f9d00621c8855ff4d85d93a66

    SHA512

    a50feeb46c84f85e4dbd91791481c6aa29db13951bde79a9ebd9d73508efe03df5c40be7ab0ede945b2eba4cf624387f56ae7680759863e66ad2907f9ad23fcf

    Download Submit

  • C:\Users\Public\Downloads\hthlrpse.exe
    Filesize

    48KB

    MD5

    6ef054605667e2af4d546a51cbddb2f1

    SHA1

    c935a683e8f1ab85ef719a07dcfff312f9ce3501

    SHA256

    e9c29f5c3347e1b2c3cd53a6a0d46fadb717d63f9d00621c8855ff4d85d93a66

    SHA512

    a50feeb46c84f85e4dbd91791481c6aa29db13951bde79a9ebd9d73508efe03df5c40be7ab0ede945b2eba4cf624387f56ae7680759863e66ad2907f9ad23fcf

    Download Submit

  • C:\Users\Public\Downloads\hthlrpse.exe
    Filesize

    48KB

    MD5

    6ef054605667e2af4d546a51cbddb2f1

    SHA1

    c935a683e8f1ab85ef719a07dcfff312f9ce3501

    SHA256

    e9c29f5c3347e1b2c3cd53a6a0d46fadb717d63f9d00621c8855ff4d85d93a66

    SHA512

    a50feeb46c84f85e4dbd91791481c6aa29db13951bde79a9ebd9d73508efe03df5c40be7ab0ede945b2eba4cf624387f56ae7680759863e66ad2907f9ad23fcf

    Download Submit

  • C:\Users\Public\Downloads\smlog.dll
    Filesize

    154KB

    MD5

    b980923c4fda07404b3114f0a5ce24aa

    SHA1

    bf41d3443a13eb57424e3dcdd04013de533a6a25

    SHA256

    7530060649b85d910fb35da64ed9a2d0b3babaeadcce129e224e972f1f1b1029

    SHA512

    031f85bf79b08b8da7dff198bf2326a761a4bf0aa1209cd543ab9617ee0a3071c81e57e4aa0d2859d55643b62d6e1070bf9f0cce1c6d0f0265595b43ca47974f

    Download Submit

  • C:\Users\Public\Downloads\uac.reg
    Filesize

    302B

    MD5

    958dce9a39bb4d496f94ea19388cf02e

    SHA1

    d4f444e05e2c1893132506d4e8b22ef272083c95

    SHA256

    c246172071f15967432a297a46fa532f71ba61a677a37a29764e55a429b247b5

    SHA512

    9752c8406db0e92c0dab0374a428d961c7ef09679cde74bc71379e0418c00f9d36f4efec7f034f79f7763b18c531e50af1479824eb88458f3391824c406903cc

    Download Submit

  • C:\Users\Public\Downloads\zlib1.dll
    Filesize

    134KB

    MD5

    c96bf8296cc03164a0309e5acaea0426

    SHA1

    b0ad779e64670f84ccbe471b936c0e57d45d1ed9

    SHA256

    0ad6e0730cf3c8744de8af8522eadd092fbd4cf6aaf87a594d60bbfbfa3465a0

    SHA512

    0e06807cee503259ab6771beeb0297460b440e38eddb5636a16911391ac95d8aa5b25fbebd2267b539b482a95223f5405c9d5a7d7558c5fb146cacbb1b893620

    Download Submit

  • \Users\Public\Downloads\AndroidAssistHelper.dll
    Filesize

    152KB

    MD5

    f1ccfdd550f0144a80f2b0ea791e2f7a

    SHA1

    891dd45e0a495f46d92cc9437df54b3a361db967

    SHA256

    d69d9332a42141168061e6bde1f1316d528060f93b2583acf188b78f9c062548

    SHA512

    380c5bf672dc1f716c20a993f1a643cda7b87dd9f7cee09644e5d19d746e6de3b519668bc91397e83833d5a0d4144bae99cb577faa572424fcea3cc3fdca9e24

    Download Submit

  • \Users\Public\Downloads\CommonLib.dll
    Filesize

    1.9MB

    MD5

    8d2adb597a93331dfdf9c5a59962df62

    SHA1

    8b578724c2b2597b146e196c0c6436b177e097cb

    SHA256

    ace46ac7b326b1e7b9860b78ef5b78d4112005c9cdff960cf524f965efd95562

    SHA512

    0c5a58c913ab08ab8a017cfc600c73181520271facfeb10c2e0d8c275c17256d4153d450d19833d104b046194330f0a1f34877abc623976ae6bfa57137207b77

    Download Submit

  • \Users\Public\Downloads\hthlrpse.exe
    Filesize

    48KB

    MD5

    6ef054605667e2af4d546a51cbddb2f1

    SHA1

    c935a683e8f1ab85ef719a07dcfff312f9ce3501

    SHA256

    e9c29f5c3347e1b2c3cd53a6a0d46fadb717d63f9d00621c8855ff4d85d93a66

    SHA512

    a50feeb46c84f85e4dbd91791481c6aa29db13951bde79a9ebd9d73508efe03df5c40be7ab0ede945b2eba4cf624387f56ae7680759863e66ad2907f9ad23fcf

    Download Submit

  • \Users\Public\Downloads\msvcp120.dll
    Filesize

    444KB

    MD5

    fd5cabbe52272bd76007b68186ebaf00

    SHA1

    efd1e306c1092c17f6944cc6bf9a1bfad4d14613

    SHA256

    87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

    SHA512

    1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

    Download Submit

  • \Users\Public\Downloads\msvcr120.dll
    Filesize

    948KB

    MD5

    034ccadc1c073e4216e9466b720f9849

    SHA1

    f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

    SHA256

    86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

    SHA512

    5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

    Download Submit

  • \Users\Public\Downloads\smlog.dll
    Filesize

    154KB

    MD5

    b980923c4fda07404b3114f0a5ce24aa

    SHA1

    bf41d3443a13eb57424e3dcdd04013de533a6a25

    SHA256

    7530060649b85d910fb35da64ed9a2d0b3babaeadcce129e224e972f1f1b1029

    SHA512

    031f85bf79b08b8da7dff198bf2326a761a4bf0aa1209cd543ab9617ee0a3071c81e57e4aa0d2859d55643b62d6e1070bf9f0cce1c6d0f0265595b43ca47974f

    Download Submit

  • \Users\Public\Downloads\zlib1.dll
    Filesize

    134KB

    MD5

    c96bf8296cc03164a0309e5acaea0426

    SHA1

    b0ad779e64670f84ccbe471b936c0e57d45d1ed9

    SHA256

    0ad6e0730cf3c8744de8af8522eadd092fbd4cf6aaf87a594d60bbfbfa3465a0

    SHA512

    0e06807cee503259ab6771beeb0297460b440e38eddb5636a16911391ac95d8aa5b25fbebd2267b539b482a95223f5405c9d5a7d7558c5fb146cacbb1b893620

    Download Submit

  • memory/2208-53-0x00000000033E0000-0x000000000346A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2208-54-0x00000000033E0000-0x000000000346A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2208-100-0x00000000033E0000-0x000000000346A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2980-97-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2980-102-0x00000000001C0000-0x0000000000241000-memory.dmp

    Filesize

    516KB

    Download

  • memory/2980-103-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2980-105-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2980-104-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2980-106-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2980-107-0x0000000002510000-0x0000000002542000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2980-109-0x00000000025E0000-0x0000000002619000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2980-108-0x00000000025E0000-0x0000000002619000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2980-110-0x00000000025E0000-0x0000000002619000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2980-111-0x00000000025E0000-0x0000000002619000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2980-112-0x00000000025E0000-0x0000000002619000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2980-113-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2980-114-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2980-101-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2980-116-0x00000000025E0000-0x0000000002619000-memory.dmp

    Filesize

    228KB

    Download