Overview

overview

7

Static

static

3

d275063b09...bf.zip

windows7-x64

1

d275063b09...bf.zip

windows10-2004-x64

1

d275063b09...bf.zip

windows7-x64

1

d275063b09...bf.zip

windows10-2004-x64

1

LANC v2.exe

windows7-x64

3

LANC v2.exe

windows10-2004-x64

3

LoginTheme.dll

windows7-x64

1

LoginTheme.dll

windows10-2004-x64

1

MephTheme.dll

windows7-x64

1

MephTheme.dll

windows10-2004-x64

1

PREREQUISI...64.exe

windows7-x64

7

PREREQUISI...64.exe

windows10-2004-x64

7

PREREQUISI..._3.exe

windows7-x64

7

PREREQUISI..._3.exe

windows10-2004-x64

7

PREREQUISI...64.exe

windows7-x64

7

PREREQUISI...64.exe

windows10-2004-x64

7

PREREQUISI...86.exe

windows7-x64

7

PREREQUISI...86.exe

windows10-2004-x64

7

PcapDotNet...is.dll

windows7-x64

1

PcapDotNet...is.dll

windows10-2004-x64

1

PcapDotNet.Base.dll

windows7-x64

1

PcapDotNet.Base.dll

windows10-2004-x64

1

PcapDotNet...ns.dll

windows7-x64

1

PcapDotNet...ns.dll

windows10-2004-x64

1

PcapDotNet.Core.dll

windows7-x64

1

PcapDotNet.Core.dll

windows10-2004-x64

1

PcapDotNet...ts.dll

windows7-x64

1

PcapDotNet...ts.dll

windows10-2004-x64

1

oui.dat

windows7-x64

3

oui.dat

windows10-2004-x64

3

ports.dat

windows7-x64

3

ports.dat

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2023 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    oui.dat

  • Size

    461KB

  • MD5

    326902d595521aaf2376cedc4c966b05

  • SHA1

    afc7bcae783916bce524518d3f1e1cf051d41c50

  • SHA256

    0d45a7d5c4e3af25f054402bce40866ae37b34c28e545903a7f9dfbeb099043a

  • SHA512

    1216a00cfbd46b0e3ba4ced0bb5f073c12e547fe0072d70bfc729d812e5f0fafc0be85c211b7fa9ded68af8fc320dc9d1446cd7892fe75790c44cb8692e1cfb9

  • SSDEEP

    12288:jKO1xIkGEY/kUHg2Rp+gvm6054SYWBOLFLrXMVjtdtEdHK4ttd:jKO1nG3kg5H1vm604SYWBOLFPMJtdtEX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\oui.dat
    1⤵
    • Modifies registry class
    PID:2644
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads