Overview

overview

10

Static

static

10

729a7bf23d...af.exe

windows7-x64

7

729a7bf23d...af.exe

windows10-2004-x64

7

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

7

$PLUGINSDI...SC.dll

windows7-x64

3

$PLUGINSDI...SC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/Conn...wn.exe

windows7-x64

1

$TEMP/Conn...wn.exe

windows10-2004-x64

1

BuildProps.dll

windows7-x64

1

BuildProps.dll

windows10-2004-x64

1

ConnUPnP.dll

windows7-x64

1

ConnUPnP.dll

windows10-2004-x64

1

Connectify.exe

windows7-x64

1

Connectify.exe

windows10-2004-x64

6

ConnectifyNAT.dll

windows7-x64

1

ConnectifyNAT.dll

windows10-2004-x64

1

Connectify...es.exe

windows7-x64

1

Connectify...es.exe

windows10-2004-x64

1

Connectifyd.exe

windows7-x64

1

Connectifyd.exe

windows10-2004-x64

1

DriverLib.dll

windows7-x64

1

DriverLib.dll

windows10-2004-x64

1

HardwareHelperLib.dll

windows7-x64

1

HardwareHelperLib.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24-01-2024 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    729a7bf23d64052ca1bde881bc9813af.exe

  • Size

    2.2MB

  • MD5

    729a7bf23d64052ca1bde881bc9813af

  • SHA1

    c48d1519c05088b9dc4b0af6da71aefaabddcd91

  • SHA256

    5341b3921b75549adbe59365517c30bd045e63162728d9ba48f79832fea1bea0

  • SHA512

    32c9966ab4d522876384ccd355585a5940ac06580faf036fcd9f5d1b7f21eef98ee77c18c57ab86ee460d41114868b6f95ef8bae7de299b4d4235c61af551d61

  • SSDEEP

    49152:JladY2vgqH0OKj06nL6IDZdkYk8vauvM8s2N8rQYKwddARZkrdi/:Wr0txL6INnkeaMOVSceHkk/

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\729a7bf23d64052ca1bde881bc9813af.exe
    "C:\Users\Admin\AppData\Local\Temp\729a7bf23d64052ca1bde881bc9813af.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsi39F6.tmp\OCSetupHlp.dll
    Filesize

    438KB

    MD5

    9e1fe7b0eb75814578f900ae56995e92

    SHA1

    f5100e25ca3953862983fbc7a711e21df2e16b9f

    SHA256

    abb8fbe643a37ba41c0e753a5c35dd38ed74f38f21112a9c57a6206fcb6cf66e

    SHA512

    88bb1586fe61c64b39f28a315bcd22b03a0b981c71a7dcf58d5d5a6288a3c1dd29b14f2512b01fbdc6b2348e71cb5e16189978b74d32afeb78411942afa44c9c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi39F6.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi39F6.tmp\UAC.dll
    Filesize

    13KB

    MD5

    7f56c0d6a8733dec142814ed5a58b0ee

    SHA1

    c119e66f179cfb758966f3cf878466057bea1840

    SHA256

    86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f

    SHA512

    8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3

    Download Submit