Overview

overview

7

Static

static

3

Autorun.exe

windows7-x64

1

Autorun.exe

windows10-2004-x64

7

DOC/EULA.pdf

windows7-x64

1

DOC/EULA.pdf

windows10-2004-x64

1

DOC/Manual.pdf

windows7-x64

1

DOC/Manual.pdf

windows10-2004-x64

1

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    242s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 20:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Autorun.exe

  • Size

    359KB

  • MD5

    54bf3808df7bdd22bc895a9c458c7a1d

  • SHA1

    b542313b9aef121a9ee927f05386338bff25c9a6

  • SHA256

    357139223831f0de98f9f627f6f4010f97a9529801e6120ca427e7120dfc8683

  • SHA512

    f098246543263125cfdaf9e3fa17c751a71c13e0b057334e83dde1cd275fe7978818211aeea8522a382e9ac4c50f8a9c347b3eb3aca48e93b7e97f80bd1815af

  • SSDEEP

    6144:SobforNwvbLtGbJQM1GMPiwzSV1pcUewdzMY/69M4Qf2RrRpPva8ioPzE0OSERl:ZbQrNsLtGeTMzg1p2sAY/4MyrRFa8iow

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Autorun.exe
    "C:\Users\Admin\AppData\Local\Temp\Autorun.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Loads dropped DLL
      PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst991A.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    444e1109d960c307df0ca2b33a24731b

    SHA1

    55e3b57d06128911ed4af44858d199d9b1945edc

    SHA256

    b3ba181120cd5b57e2cd5435bbd64c3257f7525ade359f89554e93f466692125

    SHA512

    9efdb45ee0eae73c24d3f01ff799160090f2b1f0f28ee8da3af52992fec220bf905070ce5a6cc1b5657642440ad29c22bc6889cd3ee1f674a908a935dcf4c2a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst991A.tmp\ioSpecial.ini
    Filesize

    501B

    MD5

    38b032156c5429f4826be7cc1b4ecad9

    SHA1

    4748185cbb9721839de4e9713304ab20934a890e

    SHA256

    18b6b36e184c26c0637ffcb518117d9f2a84250811eca81329c7c040766a9240

    SHA512

    fe72ecd00d53bcbf0c3b28d2c1b9af1db694ad3aa2aea6552e6cea95eaa4ffad3bd9b11b11c1ac788286ea6b31c0cf81d3318a818832abbea99c2352dc3212ee

    Download Submit

  • memory/2280-0-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2280-1-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download