Overview

overview

9

Static

static

7

How to ins...c.docx

windows7-x64

4

How to ins...c.docx

windows10-2004-x64

1

refox/UpdateInfo.exe

windows7-x64

9

refox/UpdateInfo.exe

windows10-2004-x64

9

refox/file/7z.dll

windows7-x64

1

refox/file/7z.dll

windows10-2004-x64

1

refox/file/Screen.exe

windows7-x64

7

refox/file/Screen.exe

windows10-2004-x64

7

refox/file/curl.exe

windows7-x64

1

refox/file/curl.exe

windows10-2004-x64

1

refox/file...re.dll

windows7-x64

3

refox/file...re.dll

windows10-2004-x64

3

refox/file...te.dll

windows7-x64

1

refox/file...te.dll

windows10-2004-x64

1

refox/file...og.dll

windows7-x64

3

refox/file...og.dll

windows10-2004-x64

3

refox/file...rt.dll

windows7-x64

1

refox/file...rt.dll

windows10-2004-x64

1

refox/file...re.dll

windows7-x64

1

refox/file...re.dll

windows10-2004-x64

1

refox/file...l2.dll

windows7-x64

3

refox/file...l2.dll

windows10-2004-x64

3

refox/file...ix.exe

windows7-x64

1

refox/file...ix.exe

windows10-2004-x64

1

refox/file...er.exe

windows7-x64

7

refox/file...er.exe

windows10-2004-x64

7

refox/libcurl.dll

windows7-x64

3

refox/libcurl.dll

windows10-2004-x64

3

refox/libeay32.dll

windows7-x64

1

refox/libeay32.dll

windows10-2004-x64

1

refox/lrBrowser.exe

windows7-x64

1

refox/lrBrowser.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    refox/file/pp5oinstaller.exe

  • Size

    621KB

  • MD5

    b5f75550d37367020440949c0ada7bda

  • SHA1

    bbae77fdc525024b768b1687d85d01abad94ec1f

  • SHA256

    9cc2a58fede284745dac4cf5fff4889ec3720fd5009236c31031784683b398a8

  • SHA512

    d727f2c05ff34e2dc8c60b6c33fb5a25fbe8a15f7fa0f8c2408f1357e2c0dc30bf2f23592888d1ff460f0eb7aa0eb6d5e29a9baa37fa3bf49ce9405640375ba9

  • SSDEEP

    12288:TtuSSInn1RY/8Y46jIHqoZIKBHsFgmtFs:YS3n1a/GPLWKBHD

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\refox\file\pp5oinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\refox\file\pp5oinstaller.exe"
    1⤵
    • Loads dropped DLL
    PID:848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsqBA88.tmp\System.dll
    Filesize

    18KB

    MD5

    094f8b14bb32903519c43ded0e9b6e02

    SHA1

    e819e77623eb0439f5b55315a352bad648af8b0a

    SHA256

    311e6d21023e4ce76fc1808d7b18366caf85e141686a32207cbc1339d7f6f7a7

    SHA512

    9ad4107ee77879e58afd2c300840d0da920e63b754901f90877fc2f614f2d3f5f50e1124d88eb886050de28b0dbee1375aa4f9f78c144df412a618ca87000340

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsqBA88.tmp\nsDialogs.dll
    Filesize

    342KB

    MD5

    4a0ead1095593100cd6a9b6dca3b7e17

    SHA1

    5fc701943ffdf93f6dc9d3f9a450ed5bd9857025

    SHA256

    36b57ff3a5d7dff32f0338bc9675da202dc502abd0ba56133f5ddade44ee11cf

    SHA512

    941c013a69e42c87ecc4050640c66f0d0445c3684d8a93244d1679c1fbb4296ebb11ab1b01a8221249dd01972c3f1d5cc677062dec6f34923e0fb16f765f37f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsqBA88.tmp\nsHelperFunc.dll
    Filesize

    327KB

    MD5

    810bb24fcde919d1792a149bb9ac4c67

    SHA1

    d60382bdc126935a2138a4d494d7250af86624b3

    SHA256

    ae208022558883fd35af60dfc642209797460f0f117f6ee7b877ea15e66c74fc

    SHA512

    f6ba3ae60fb505e24b0e65dcf4e807e3c2ef9b245951cb2b0955ed14baccbce8af22e3fcea5ab9c2a234283fafc67325bb073b0c93f0e0f6195d885515681f34

    Download Submit