Overview

overview

10

Static

static

10

AnyDesk v3...V).exe

windows10-2004-x64

1

DLL Explor...32.exe

windows10-2004-x64

7

DLL Explor...64.exe

windows10-2004-x64

7

DLL UnInje...or.exe

windows10-2004-x64

1

Everything...ng.exe

windows10-2004-x64

7

Everything...up.exe

windows10-2004-x64

4

LastActivi...ew.exe

windows10-2004-x64

9

LastActivi...ew.bat

windows10-2004-x64

9

Lastproverka.bat

windows10-2004-x64

3

NirCMD 2.8...md.exe

windows10-2004-x64

9

NirCMD 2.8...xe.bat

windows10-2004-x64

9

NirCMD 2.8...xe.bat

windows10-2004-x64

9

OpenedFile...32.exe

windows10-2004-x64

9

OpenedFile...64.exe

windows10-2004-x64

8

Process Hacker 2.lnk

windows10-2004-x64

3

Recuva 1.5...le.exe

windows10-2004-x64

7

Shellbag_a...er.exe

windows10-2004-x64

10

USBDeview ...ew.exe

windows10-2004-x64

9

UserAssist...ew.exe

windows10-2004-x64

9

processhac...up.exe

windows10-2004-x64

7

Resubmissions

19-10-2023 11:09

231019-m9hf6agh68 10

Analysis

  • max time kernel
    414s
  • max time network
    427s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-ja
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-jalocale:ja-jpos:windows10-2004-x64systemwindows
  • submitted
    19-10-2023 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Everything-1.4.1.1022.x86-Setup.exe

  • Size

    1.7MB

  • MD5

    f9330358c8250a792b0e80d023d6914e

  • SHA1

    3a2698d59851b00f80300c2e263208c4783d78b2

  • SHA256

    3860e524fbfe73d52ed16f762e6ed705cc31a520ac601e4bd8622cd99f93af58

  • SHA512

    e025793f10e55d35857608e3f5ddc711713045adcc84f9cb9f7d5d78b57842fd3fbef35f7992bcd60c6135fa2ec415afee4bbd56f96b862ef8318ee3561f5a7a

  • SSDEEP

    49152:RbDl0ZbsA/0biZwx0ihyuU7TdRnm2IMUiOF1rJOOXI:RbOZbpMb1KaSds2Iti2JOT

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\Everything-1.4.1.1022.x86-Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Everything-1.4.1.1022.x86-Setup.exe"
    1⤵
    • Loads dropped DLL
    PID:4336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsxE5ED.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    ece25721125d55aa26cdfe019c871476

    SHA1

    b87685ae482553823bf95e73e790de48dc0c11ba

    SHA256

    c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

    SHA512

    4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsxE5ED.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    ece25721125d55aa26cdfe019c871476

    SHA1

    b87685ae482553823bf95e73e790de48dc0c11ba

    SHA256

    c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

    SHA512

    4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsxE5ED.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    ece25721125d55aa26cdfe019c871476

    SHA1

    b87685ae482553823bf95e73e790de48dc0c11ba

    SHA256

    c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

    SHA512

    4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsxE5ED.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    ece25721125d55aa26cdfe019c871476

    SHA1

    b87685ae482553823bf95e73e790de48dc0c11ba

    SHA256

    c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

    SHA512

    4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsxE5ED.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    68b287f4067ba013e34a1339afdb1ea8

    SHA1

    45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    SHA256

    18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    SHA512

    06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsxE5ED.tmp\System.dll
    Filesize

    12KB

    MD5

    cff85c549d536f651d4fb8387f1976f2

    SHA1

    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    SHA256

    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    SHA512

    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    Download Submit