7361df98c7cd1e56e0345e61cf68c1d5818d4064269f9b234511c7060e97ad9f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-01-2024 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uninst.exe
Size

39KB
MD5

b462f3c38bc5b56e06976a94a7c36bc7
SHA1

0106bf912fa9a37bb975afb00fd4ebaf7dff13cd
SHA256

446c3dc2041bd1d0968e92ec21d538da95dd85c62535293fdca425b02587bbe5
SHA512

f33baef794d57eec26df2b173719c3dde0e8e1f9354d598662d1b86c1317b21fbff17b1ce373495f9bfe717d10b8dba1d486fee18bbb51b726e480300c606343
SSDEEP

768:0Gn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPciuc1sJ:T4hwgonu0fJytuPwbdNcir1sJ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2212	Un.exe

Executes dropped EXE 1 IoCs

pid	Process
2212	Un.exe

Loads dropped DLL 1 IoCs

pid	Process
2360	uninst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral13/files/0x000b000000014ac0-2.dat	nsis_installer_1
behavioral13/files/0x000b000000014ac0-2.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2212	2360	uninst.exe	28
PID 2360 wrote to memory of 2212	2360	uninst.exe	28
PID 2360 wrote to memory of 2212	2360	uninst.exe	28
PID 2360 wrote to memory of 2212	2360	uninst.exe	28

C:\Users\Admin\AppData\Local\Temp\uninst.exe
"C:\Users\Admin\AppData\Local\Temp\uninst.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe

Filesize
39KB

MD5
b462f3c38bc5b56e06976a94a7c36bc7

SHA1
0106bf912fa9a37bb975afb00fd4ebaf7dff13cd

SHA256
446c3dc2041bd1d0968e92ec21d538da95dd85c62535293fdca425b02587bbe5

SHA512
f33baef794d57eec26df2b173719c3dde0e8e1f9354d598662d1b86c1317b21fbff17b1ce373495f9bfe717d10b8dba1d486fee18bbb51b726e480300c606343

Download Submit