Overview

overview

8

Static

static

7

780c349cb7...bd.exe

windows7-x64

7

780c349cb7...bd.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$SYSDIR/Dr...RV.sys

windows7-x64

1

$SYSDIR/Dr...RV.sys

windows10-2004-x64

1

ArmAccess.dll

windows7-x64

1

ArmAccess.dll

windows10-2004-x64

1

License.html

windows7-x64

1

License.html

windows10-2004-x64

1

MCFUNC.dll

windows7-x64

1

MCFUNC.dll

windows10-2004-x64

1

MCHelp.chm

windows7-x64

1

MCHelp.chm

windows10-2004-x64

1

MaxCrypt2.exe

windows7-x64

8

MaxCrypt2.exe

windows10-2004-x64

7

MaxDelete.dll

windows7-x64

1

MaxDelete.dll

windows10-2004-x64

1

SysSrvc.exe

windows7-x64

1

SysSrvc.exe

windows10-2004-x64

1

Updates/update.exe

windows7-x64

1

Updates/update.exe

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 18:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    780c349cb73328e1a1669101c49d70bd.exe

  • Size

    3.8MB

  • MD5

    780c349cb73328e1a1669101c49d70bd

  • SHA1

    6aaaf52420421862a6633694659060598be7784f

  • SHA256

    013f49b1709a70e58968ff552cfdce0fa9903dfd276e5b092a23a05a782f5db3

  • SHA512

    28523a3156c4ab263c733341980db91e1abc2b4330ec99283bc561c2fa221f9414bbb3386983029efb05feef58a50941ea3447b93e0d2f0d2dd766a54bfc2ad6

  • SSDEEP

    98304:fUjVUJp+a3wvs7Rp8MmNi8Lajm/p117kKx5WgGvCwWNVfsPcYf:fccp+eRqRhDF7kkIPvCwWNpsEYf

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\780c349cb73328e1a1669101c49d70bd.exe
    "C:\Users\Admin\AppData\Local\Temp\780c349cb73328e1a1669101c49d70bd.exe"
    1⤵
    • Loads dropped DLL
    PID:2940

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsb8ABC.tmp\InstallOptions.dll
          Filesize

          12KB

          MD5

          d61d6c709e7947296603059f8bedeba9

          SHA1

          bdcfc90c358c82be43ef85727a7bdfebbd6d1b69

          SHA256

          65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63

          SHA512

          ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsb8ABC.tmp\LangDLL.dll
          Filesize

          5KB

          MD5

          8be27f3bdec2b49d0a6a674716622304

          SHA1

          70d17db576ed484a4c0195571118d307fd4dc1b9

          SHA256

          4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47

          SHA512

          add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsb8ABC.tmp\ioSpecial.ini
          Filesize

          722B

          MD5

          9270d5501c2ebc89deebb2fecc835475

          SHA1

          58a4255e50391eb6b8888409c20f4915cce7adde

          SHA256

          f5b31f89858a3540a8a21a7c106132cf7134dc6ce3c8fb08390fbfd58561b446

          SHA512

          62f27347471e0c4952ea96446045d97b3f8eab431de9a83ab3d3e94357724aa6028c8b776c0192e6e4db4ef6e932d76078096a577f5bac64f01ed699ba400c8d

          Download Submit