Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 09:24

General

  • Target
    638cfffa2f94398eb16021ca6c648c45.exe
  • Size
    473KB
  • MD5
    638cfffa2f94398eb16021ca6c648c45
  • SHA1
    c2288c84485071db0f6a29bf29d5b72964999325
  • SHA256
    ddf29aa7c938c9118f9675c2ce6d3ba08b22b80c38052a34219afa0a341c43f9
  • SHA512
    87f2a3876c2fe5129e551c09a4ef3572040d6cca4122bb7926d2be9b5fecc7e27446ca01aa00ba95750a057e79e58eb4ac048c059a3c09968540c12e9aad459f
  • SSDEEP
    6144:+CKXw5Z8lU2wqdIsw1NbzbeNrk2z5lFaZf21L9m7zPGXJRPm/vLv1WN1yNr1DBKU:+XEotwq4X+ylOm7eJRPmpnNrKVUqLmiA

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe
    "C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1688

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy4857.tmp\ioSpecial.ini
    Filesize: 706B
    MD5: deb4d2c0e1f6200e92a6934f2a0a5e61
    SHA1: 14519e674c4ecbffee6dadffaf6818c0f0bfe7cc
    SHA256: e2b6ae5e6b9ca7cb955e9d44bc831c276ca7b7b4d8181d2626e7f5c31c2474c6
    SHA512: fa56a3fb0be713fd729160c9b4e2d04bc1e063cfabec18130aab06dfa18a18ac9dfa85b451e87ee2713f373ce3667d2782530c659d58a78de894f46ad7431e5c

  • \Users\Admin\AppData\Local\Temp\nsy4857.tmp\AdvSplash.dll
    Filesize: 6KB
    MD5: c16e99e77b8e9a4ac4621ee85527c727
    SHA1: d527d14dcc209c485b6979166eef83ec1a8c6e4a
    SHA256: 3caa4b6585ce3fdbf4229878aab77c30af507691153add91aabf7404b3c99b7e
    SHA512: 590c1b5a55b91a3f6df388363132d9560a5fc09f5e3d5c440b3939660a777c6d1cc69df9d696b73545d95e70fca8616193c162cd086b3757e82e0e1d129ae765

  • \Users\Admin\AppData\Local\Temp\nsy4857.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 9b2ad0546fd834c01a3bdcbfbc95da7d
    SHA1: 4f92f5a6b269d969ba3340f1c1978d337992a62c
    SHA256: 7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37
    SHA512: 5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

  • \Users\Admin\AppData\Local\Temp\nsy4857.tmp\LangDLL.dll
    Filesize: 5KB
    MD5: e79062d4e5969b67241a96bad058dd07
    SHA1: 67adf76bc6718e87633ad2669119a4cfac71fb5c
    SHA256: 7e49f8b791231c84e80eee56c5dfe8ee6feabe7fb6efba2c30a1ae1621c9e509
    SHA512: 6269f26ee92a7576e8e17b156cf2cf90c862c007c684a44e55194d2aef605de5304b9e7822a001db477bc672c52db4e64db7f02e4684488705d594698035a0ed