Overview

overview

7

Static

static

7

5c476b47ec...f9.exe

windows7-x64

7

5c476b47ec...f9.exe

windows10-2004-x64

7

$TEMP/Team...r_.exe

windows7-x64

7

$TEMP/Team...r_.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...SC.dll

windows7-x64

3

$PLUGINSDI...SC.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PROGRAMFI...AS.exe

windows7-x64

1

$PROGRAMFI...AS.exe

windows10-2004-x64

1

$TEMP/Team...TV.dll

windows7-x64

1

$TEMP/Team...TV.dll

windows10-2004-x64

3

$TEMP/Team...er.exe

windows7-x64

7

$TEMP/Team...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-01-2024 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/TeamViewer/Version5/TeamViewer_.exe

  • Size

    2.4MB

  • MD5

    5fdc7abc293f55b307c52c927c726948

  • SHA1

    f469b3103a64d0c694f16f85ee62e0d7efdf60de

  • SHA256

    8928ae4aa22a26e9cefa9e1e1f046f02b0e8e49830b4c7a3eff6f39a8a09963f

  • SHA512

    9670700c04d0400643fbbf387c6f92bf02cfe1f890f9ddd1746d7ff1611a0c8da5c7d3bf75ff71578262caf731751a4a40d216ddd7d96615218f0896096121ab

  • SSDEEP

    49152:v0Ii8g9VPJlLQBkK8q3ws6krWiSERpTT8TnrKPMaU9R0Q02p+o:sIi8g9BMBLVWixrsTOvIV

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\TeamViewer\Version5\TeamViewer_.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\TeamViewer\Version5\TeamViewer_.exe"
    1⤵
    • Loads dropped DLL
    PID:3612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsl4875.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl4875.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl4875.tmp\TvGetVersion.dll
    Filesize

    13KB

    MD5

    eb062eb8b2c498c03b1542ccde87ad90

    SHA1

    44432fa3d16baa6bd5243fab7187204d4c0a2166

    SHA256

    81888a1166ae594aef28084d00c5d59e899e8f0b6bc632f99df08fba3ad77c3b

    SHA512

    e21af0d46cb71ecbe764915fc9ef67ebbe3c0dd428b4816adb7e966aafb761aa72248a21392236bf4ce068be855e9a43f3ccf96db612edef3cb17e1a10afe4e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl4875.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    1e8e11f465afdabe97f529705786b368

    SHA1

    ea42bed65df6618c5f5648567d81f3935e70a2a0

    SHA256

    7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b

    SHA512

    16566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl4875.tmp\environment.ini
    Filesize

    661B

    MD5

    d49491c7ba7bd565e1b8ff473cd84c8e

    SHA1

    2522272cf01af17f8ace15a29759f7629ebdc94e

    SHA256

    0be1c22c6f540d98cd55d7f434f57aedffc67a19df4e4957f75eb034a7b3d9bb

    SHA512

    2207da44794bd8b8ed1161a0a1990d13824c91b651711d20fbd14769f898a95168884e217f24465b309901215961f3bcb287214b61c5ce2fbc020e8e21cb7b3c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl4875.tmp\host.ini
    Filesize

    975B

    MD5

    69a491a30f8fd22d3210847d54274a19

    SHA1

    7e19eb2b1424bb487708f91001d0a001e214ebb8

    SHA256

    49a8ab22496032d8286c7fa71d1e5fc3f13079572d45e4140d1b24be57202b53

    SHA512

    4ac8b38c91eb466cc31e8256cd7a59bf10ff088a3ff233510277be969134c7da2c784fb1254323c2a3e502d2daa98561c160d321a153914b65f97c6bec79207b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl4875.tmp\start.ini
    Filesize

    983B

    MD5

    cc38fe264db13629dbac09fb999f4f7f

    SHA1

    51db7d5f9fa53ae98856575b55c4d69ee0cfc6b0

    SHA256

    0ebbe20b46d7cb70a57c730bf65f73c219c03a0bcffc36fa7a4adefd2623141d

    SHA512

    fbb4ef383b4a4b18f0fac1dede037213ffd16f8bd9a98e4d326817953b2b2ce577f4a5696cddbbf4a84a595cf1dc85e4b0501cfb988eac909f698789e73033e5

    Download Submit

  • memory/3612-0-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB

    Download

  • memory/3612-220-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB

    Download