Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-01-2024 16:15

General

  • Target

    drdivx2-2.0.1-b3.exe

  • Size

    3.8MB

  • MD5

    84ff716ffec57072db7c675970036a09

  • SHA1

    b321a081cd8bc69f6e218bf776ac35e772b9af6b

  • SHA256

    466905e88c78ba532c3f9ca6be4fe8e44840b3ac6e46df5132950ea07e3552f7

  • SHA512

    af3f5bd6b8d1269e43ed895748377908f9a5689c5f5911cba1b787890b2a5188d0594cf91c8c336d6541e4287669ed7d811024eb511e0bb12ac03972f1376633

  • SSDEEP

    98304:QZVwNE0Fr2oyVkCT/WdZlAaoo0qKR583So1hZVYF0X+j8oeD+CCCdn:ZN7r2bauWdb70qKR58Cglpuj8SCCE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\drdivx2-2.0.1-b3.exe
    "C:\Users\Admin\AppData\Local\Temp\drdivx2-2.0.1-b3.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1896

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso24C2.tmp\SplashScreen.ini
    Filesize

    155B

    MD5

    195d72d89c11dc84a07fb88e86780a8b

    SHA1

    61f6ea08b796b31f522be77dcee92ea06f1e9d05

    SHA256

    ed9396492c8db2745481cba6a3b6402a1a3afc86585a108d1d3395f0a674dd44

    SHA512

    3017e693ec378cf113fc1d3c06a7b093525dec95c86b0b62b7854062f60bd707a284a518a4839bf4808b63bc9b5fb627e2d47a535558ce121f8734c8831fb2c0

  • \Users\Admin\AppData\Local\Temp\nso24C2.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    83304a78d2b6ea45ea8404f4cd78721f

    SHA1

    d5c5d19653c751c08579dd094bcc9fef1841af00

    SHA256

    92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

    SHA512

    94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

  • \Users\Admin\AppData\Local\Temp\nso24C2.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    83c5a8e90cd10cb31a9215eb4421341f

    SHA1

    52ddbbfa955936f87516c52b2bb679a6b4363e22

    SHA256

    da006773e11871b8834036c30acab8fabcce2c9e9f52bb2b425f947bdf33f7c6

    SHA512

    46c20fd762a643028f3c4287ed3dbd762bc1cd17ee5ad1d90cbad23f15901fbab14b726d7f3e45eeb370fb6a2ee5268a2e9ebaae7ab6067c855361d24fc806a4