Overview

overview

7

Static

static

7

65f0553a2e...b6.exe

windows7-x64

7

65f0553a2e...b6.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...Vs.dll

windows7-x64

3

$PLUGINSDI...Vs.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows7-x64

1

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...ig.dll

windows7-x64

3

$PLUGINSDI...ig.dll

windows10-2004-x64

3

$PLUGINSDI...tn.dll

windows7-x64

3

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

7

$PLUGINSDI...up.exe

windows10-2004-x64

7

$PLUGINSDI...rl.dll

windows7-x64

3

$PLUGINSDI...rl.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$PLUGINSDI...ll.exe

windows7-x64

7

$PLUGINSDI...ll.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/pra_uninstall.exe

  • Size

    287KB

  • MD5

    086e1ebee5d94bf3e6c6dcbe2b76a6e2

  • SHA1

    786a56dbcca5d800689c467270f9fb5cdb699162

  • SHA256

    a0da75069cab0f020435afcbf7931671f263fa31584f089a742163d9fba9077a

  • SHA512

    b8d5c679d35ba66532ed5a89e96af220e2952f2917d04fd19a23a844476e268dc7accb222ca747320a54b751616f9b5efa74daecfb2e4d41a20ef08f0f33aaa2

  • SSDEEP

    6144:fzZZSOEngggggggg3a4lnZwvR62VBBp3b:fzZoO+gggggggg37ZwZ6OBBpr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\pra_uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\pra_uninstall.exe"
    1⤵
    • Loads dropped DLL
    PID:2300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso3AB1.tmp\SkinBtn.dll
    Filesize

    4KB

    MD5

    29818862640ac659ce520c9c64e63e9e

    SHA1

    485e1e6cc552fa4f05fb767043b1e7c9eb80be64

    SHA256

    e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb

    SHA512

    ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso3AB1.tmp\System.dll
    Filesize

    11KB

    MD5

    ca332bb753b0775d5e806e236ddcec55

    SHA1

    f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    SHA256

    df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    SHA512

    2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso3AB1.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    904d8313031ac05e2bac3dd329828833

    SHA1

    6c8322f76e5c38bc24b0bcc057a510c92ec40b43

    SHA256

    a7c5516478ab02b5d6c1684b3c2b31ee03331712bcd9f9a8ef8309d2b72c8ec4

    SHA512

    9d524ebc965f224e1a16f537f71df0963c586fd548cb9a901f8afb1951416dd656d5493cc5e304157dfa6d70d69bcd4c5a5b140fceb3736548e71fe7086b6de8

    Download Submit