Overview (score 7)
Static (score 3)

Task list (sample, platform, score):
8fe893c04c...ba.exe    windows7-x64         7
8fe893c04c...ba.exe    windows10-2004-x64   7
$PLUGINSDI...ns.dll    windows7-x64         3
$PLUGINSDI...ns.dll    windows10-2004-x64   3
$PLUGINSDI...em.dll    windows7-x64         3
$PLUGINSDI...em.dll    windows10-2004-x64   3
$PLUGINSDI...gs.dll    windows7-x64         3
$PLUGINSDI...gs.dll    windows10-2004-x64   3
$PLUGINSDI...ss.dll    windows7-x64         3
$PLUGINSDI...ss.dll    windows10-2004-x64   3
$TEMP/~nsi...ad.dll    windows7-x64         1
$TEMP/~nsi...ad.dll    windows10-2004-x64   1
$WINDIR/Sy...vc.exe    windows7-x64         1
$WINDIR/Sy...vc.exe    windows10-2004-x64   1
mineep.dll             windows7-x64         6
mineep.dll             windows10-2004-x64   6
mineepnad.dll          windows7-x64         1
mineepnad.dll          windows10-2004-x64   1
mineepsvc.exe          windows7-x64         1
mineepsvc.exe          windows10-2004-x64   1
minerun.exe            windows7-x64         1
minerun.exe            windows10-2004-x64   1

Analysis
max time kernel: 144s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/02/2024, 18:58
Static task
static1

Behavioral tasks (task, sample, resource):
behavioral1    8fe893c04c504d9757cc28a75eddeeba.exe   win7-20231129-en
behavioral2    8fe893c04c504d9757cc28a75eddeeba.exe   win10v2004-20231215-en
behavioral3    $PLUGINSDIR/InstallOptions.dll         win7-20231215-en
behavioral4    $PLUGINSDIR/InstallOptions.dll         win10v2004-20231215-en
behavioral5    $PLUGINSDIR/System.dll                 win7-20231215-en
behavioral6    $PLUGINSDIR/System.dll                 win10v2004-20231215-en
behavioral7    $PLUGINSDIR/nsDialogs.dll              win7-20231215-en
behavioral8    $PLUGINSDIR/nsDialogs.dll              win10v2004-20231215-en
behavioral9    $PLUGINSDIR/nsProcess.dll              win7-20231129-en
behavioral10   $PLUGINSDIR/nsProcess.dll              win10v2004-20231222-en
behavioral11   $TEMP/~nsis/c3a019/mineepnad.dll       win7-20231129-en
behavioral12   $TEMP/~nsis/c3a019/mineepnad.dll       win10v2004-20231215-en
behavioral13   $WINDIR/System32/midiasvc.exe          win7-20231129-en
behavioral14   $WINDIR/System32/midiasvc.exe          win10v2004-20231215-en
behavioral15   mineep.dll                             win7-20231215-en
behavioral16   mineep.dll                             win10v2004-20231222-en
behavioral17   mineepnad.dll                          win7-20231215-en
behavioral18   mineepnad.dll                          win10v2004-20231222-en
behavioral19   mineepsvc.exe                          win7-20231215-en
behavioral20   mineepsvc.exe                          win10v2004-20231215-en
behavioral21   minerun.exe                            win7-20231215-en
behavioral22   minerun.exe                            win10v2004-20231215-en
General
Target: 8fe893c04c504d9757cc28a75eddeeba.exe
Size: 777KB
MD5: 8fe893c04c504d9757cc28a75eddeeba
SHA1: f0d86c7018ed0c69b2757a20d53ab40d93cd2a81
SHA256: 7ecf992f19dffdd28863aeb32309570b3ae896dd151f4fea1986f79853cf38be
SHA512: 7dc6b357b33ec52e06274bb2a5b64ab733ac22e5885c729c20b14998a568444e7f8a6fa06ee48c20d145b4b9ea1f2cbbba3f97795d5094f817eb873ba41c9384
SSDEEP: 12288:ljDDPEiTWMDCgbyxm9wNqBn/lpOcCM+D980EUkD8XbzxmG32vSNc7:l/Ds82gbyh8B/lpO8E98KkoXbzp2Ku7
Malware Config
Signatures

Loads dropped DLL (5 IoCs)
pid    Process
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description       ioc                                                                                         Process
Key created       \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\WOW6432Node\CLSID     8fe893c04c504d9757cc28a75eddeeba.exe
Set value (str)   \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\WOW6432Node\CLSID\tst_key = "test_ok"   8fe893c04c504d9757cc28a75eddeeba.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid    Process
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
4256   8fe893c04c504d9757cc28a75eddeeba.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads