Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/02/2024, 02:30 UTC

General

  • Target

    6e72f7a643a9e32b5fcfe91da5231ccb.exe

  • Size

    2.1MB

  • MD5

    6e72f7a643a9e32b5fcfe91da5231ccb

  • SHA1

    b60779302c72f0c2a3dc875b9d9f55e773f39bd4

  • SHA256

    c5d72882d52181b2d08d2effd354b51042aade239139780a6dd0bcfd62fd6752

  • SHA512

    b8aedf4dcf8ee6067a25e0ab0c8abcf28a9a3b33597f2cbb153adc9e772159f4e92b24ba701d61b8d3016e7bac47eb5c8e1abbcade515df8283fdc39c636ca98

  • SSDEEP

    49152:COB2qRxE87vxpsrFpIvVziaEszYMNHzCcm:Co2qTPN+TIv5pEZh

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e72f7a643a9e32b5fcfe91da5231ccb.exe
    "C:\Users\Admin\AppData\Local\Temp\6e72f7a643a9e32b5fcfe91da5231ccb.exe"
    PID: 1328
    • Loads dropped DLL

Network

  • DNS: analyticsnew.overwolf.com
    Process: 6e72f7a643a9e32b5fcfe91da5231ccb.exe
    Remote address: 8.8.8.8:53
    Request:
      analyticsnew.overwolf.com IN A
    Response:
      analyticsnew.overwolf.com IN CNAME d1fyd454usj1lk.cloudfront.net
      d1fyd454usj1lk.cloudfront.net IN A 3.162.140.64
      d1fyd454usj1lk.cloudfront.net IN A 3.162.140.75
      d1fyd454usj1lk.cloudfront.net IN A 3.162.140.65
      d1fyd454usj1lk.cloudfront.net IN A 3.162.140.12
  • GET http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.241.1.9%22%7d%5d
    Process: 6e72f7a643a9e32b5fcfe91da5231ccb.exe
    Remote address: 3.162.140.64:80
    Request
    GET /analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.241.1.9%22%7d%5d HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: analyticsnew.overwolf.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: CloudFront
    Content-Type: application/octet-stream
    Content-Length: 2
    Connection: keep-alive
    Content-Disposition: attachment
    Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
    Date: Mon, 12 Feb 2024 23:44:24 GMT
    ETag: "99914b932bd37a50b983c5e7c90ae93b"
    X-Cache: Hit from cloudfront
    Via: 1.1 0d50cd56a0bc78c53908c192288b901c.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: DUB56-P2
    X-Amz-Cf-Id: a-sH9DPxz4AFTPBCIkCpdiIWbVuqR1ODRyTjSXl5baGyw1KfXATpKQ==
    Age: 36592
    Cache-Control: max-age=0
    Vary: Origin
  • 3.162.140.64:80 (http), 6e72f7a643a9e32b5fcfe91da5231ccb.exe: 503 B, 702 B, 5, 4
    URL: http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.241.1.9%22%7d%5d
    HTTP Request: GET http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.241.1.9%22%7d%5d
    HTTP Response: 200
  • 8.8.8.8:53 (dns), 6e72f7a643a9e32b5fcfe91da5231ccb.exe: 71 B, 178 B, 1, 1
    DNS Request: analyticsnew.overwolf.com
    DNS Response: 3.162.140.64, 3.162.140.75, 3.162.140.65, 3.162.140.12

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nsi1A45.tmp\INetC.dll
    Filesize: 24KB
    MD5: 640bff73a5f8e37b202d911e4749b2e9
    SHA1: 9588dd7561ab7de3bca392b084bec91f3521c879
    SHA256: c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
    SHA512: 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

  • \Users\Admin\AppData\Local\Temp\nsi1A45.tmp\System.dll
    Filesize: 11KB
    MD5: 7399323923e3946fe9140132ac388132
    SHA1: 728257d06c452449b1241769b459f091aabcffc5
    SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
    SHA512: d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

  • \Users\Admin\AppData\Local\Temp\nsi1A45.tmp\UserInfo.dll
    Filesize: 4KB
    MD5: 9301577ff4d229347fe33259b43ef3b2
    SHA1: 5e39eb4f99920005a4b2303c8089d77f589c133d
    SHA256: 090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
    SHA512: 77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

  • \Users\Admin\AppData\Local\Temp\nsi1A45.tmp\uac.dll
    Filesize: 14KB
    MD5: adb29e6b186daa765dc750128649b63d
    SHA1: 160cbdc4cb0ac2c142d361df138c537aa7e708c9
    SHA256: 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
    SHA512: b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

  • \Users\Admin\AppData\Local\Temp\nsi1A45.tmp\utils.dll
    Filesize: 55KB
    MD5: aad3f2ecc74ddf65e84dcb62cf6a77cd
    SHA1: 1e153e0f4d7258cae75847dba32d0321864cf089
    SHA256: 1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8
    SHA512: 8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2
