Analysis

  • max time kernel
    153s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2023 01:29

General

  • Target

    046d-uipak_x32 (1).exe

  • Size

    312KB

  • MD5

    391d2487595ef8e8368b9271abc76799

  • SHA1

    bfa7d96b893ca7fea349ba8d01a4f6ac17fbd968

  • SHA256

    85156b6391d646dfd0a9e8fbfba5bf234e1f629c78f0844034330a862fd77c1c

  • SHA512

    ebc133e44f16bcb40046ded9539c0adb168c37a0e9f4865735bfd38a3a02d853fd6e5a38b59cd45fc48ae31e5cb879142f981d67a07b84591aa74e4cc81bbe2e

  • SSDEEP

    6144:tzZZxgKlrEf08BCxkA6IGfA9TlM432wa7AfNgm2/xqHTi0zY108OiI:tzZz3wf0YWkIGoBMJ5QN3neVO/

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\046d-uipak_x32 (1).exe
    "C:\Users\Admin\AppData\Local\Temp\046d-uipak_x32 (1).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsyDC7.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    8e806ea2e205dc508a2fb5adda3419db

    SHA1

    21beab4e309b139fdcca7dd708df8dbbfd2dd5a3

    SHA256

    86a55734b8802051bbbd0e8c9c506d0ca985bc5c99113e99b309469046133937

    SHA512

    6b362bdadd6801ceb6106485015a4ae6d227dc04c1397a730ac8fd44b00649876ee7cbd0d7690b41dcaa8451c94e9f5838daa9fbc21f7306740de89667468cc1

  • \Users\Admin\AppData\Local\Temp\nsyDC7.tmp\System.dll

    Filesize

    11KB

    MD5

    b9f430f71c7144d8ff4ab94be2785aa6

    SHA1

    c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

    SHA256

    b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

    SHA512

    c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

  • \Users\Admin\AppData\Local\Temp\nsyDC7.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    7823fc560926dcd8741de6f0b900083f

    SHA1

    93dc0a704bc0b8f90668548e36daf459be0ae10a

    SHA256

    ca869d6c6752aa4a8a6c874a694b543442992d7e854d0c48a1b60bca01a8c8c6

    SHA512

    c79509cd306638ea9badec64ed9f7d0690e46fcab7ac77f25134065b628e76d2812f2d874ea2cc4283685c567b613a39d27b9fc4a6de2d4b9d30131f3161c4e9