Overview

overview

10

Static

static

7

74fa76f32b...6e.exe

windows7-x64

7

74fa76f32b...6e.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

10

ConfigTsXP.exe

windows7-x64

7

ConfigTsXP.exe

windows10-2004-x64

10

TaskSwitchXP.chm

windows7-x64

1

TaskSwitchXP.chm

windows10-2004-x64

10

TaskSwitchXP.exe

windows7-x64

7

TaskSwitchXP.exe

windows10-2004-x64

10

scripts/ShowDelay.js

windows7-x64

1

scripts/ShowDelay.js

windows10-2004-x64

10

scripts/UnlockQ.js

windows7-x64

1

scripts/UnlockQ.js

windows10-2004-x64

10

scripts/WheelTab.js

windows7-x64

1

scripts/WheelTab.js

windows10-2004-x64

10

wa_ldr.exe

windows7-x64

1

wa_ldr.exe

windows10-2004-x64

10

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74fa76f32b4cc3c485ad7169f8d9336e.exe

  • Size

    393KB

  • MD5

    74fa76f32b4cc3c485ad7169f8d9336e

  • SHA1

    d8abef98edc1b7709c3c86af576e529ea927ade7

  • SHA256

    c306ae721c046eb3246e863b7bd4f1fdecb4dac5c1ed04c06f29c582443a389c

  • SHA512

    de4ea7237270fb905e86e518169897bb0a125a7d646f9ecb9ec66dfcbb03231eb399de9ea9277ed387c9a2e0035628ae32547f979b472ba9ab293b5f059f47ce

  • SSDEEP

    6144:jbOmwnO5EVvDpIHbS267kd44dy267Jtntpf/zNnQGwV0FX91ieTcOZ8jw4ugaw:fwOeU4U4gIDtp3z5QGwmX91iet/L3w

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\74fa76f32b4cc3c485ad7169f8d9336e.exe
    "C:\Users\Admin\AppData\Local\Temp\74fa76f32b4cc3c485ad7169f8d9336e.exe"
    1⤵
    • Loads dropped DLL
    PID:1380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso6F68.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    9b11a5ff844d591aebaf526b5f1d5582

    SHA1

    e60948a5101c282957ffee3988816a9187963565

    SHA256

    9d23b28fa88d485810d8895d429365a7c826a0e9804ca8697446a05bbfdc196c

    SHA512

    8dc48f5b94da146798e1eca08ed33105422cb841badbaf3d868cebf167307162fae001386510977211829f96395f4142d2dc8311a2837d0d0a28ad5f6ff53319

    Download Submit