Overview

overview

10

Static

static

10

98cbb535d7...44.exe

windows7-x64

7

98cbb535d7...44.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

7

$PLUGINSDI...om.dll

windows10-2004-x64

7

$TEMP/v.vbs

windows7-x64

3

$TEMP/v.vbs

windows10-2004-x64

3

$TEMP/xcmd.exe

windows7-x64

9

$TEMP/xcmd.exe

windows10-2004-x64

9

$_48_/$APP...md.exe

windows7-x64

9

$_48_/$APP...md.exe

windows10-2004-x64

9

$_48_/1.html

windows7-x64

1

$_48_/1.html

windows10-2004-x64

1

$_48_/3.bat

windows7-x64

1

$_48_/3.bat

windows10-2004-x64

1

$_48_/3.vbs

windows7-x64

4

$_48_/3.vbs

windows10-2004-x64

7

$_48_/qq.vbs

windows7-x64

3

$_48_/qq.vbs

windows10-2004-x64

7

$_48_/v.vbs

windows7-x64

3

$_48_/v.vbs

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/02/2024, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    48KB

  • MD5

    10403fd37f08245aae3804452300a600

  • SHA1

    ec3ff05f03493558f73b7110c6fab9006ad62634

  • SHA256

    2dd8a708c592d74ea2811334cb50b3b2a2a54f391f938befef64cff77952259e

  • SHA512

    ff42532f2d99b4dab609fa44e3ed62d5abdedc29d211cb402e0bf2462e22bce0b6909a7378cc065b853217c5b0ae3ecb9953f21f58779faced2ff9df0e50c801

  • SSDEEP

    768:SoOjbhlc7sUoQnAz3ppOo0QJSHijv5js/wJJQPgd2iZQAm6kRRS+NoJRnOID:XOPhlosUoAarDX1JJQgdLeAyNZID

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      PID:652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    48KB

    MD5

    10403fd37f08245aae3804452300a600

    SHA1

    ec3ff05f03493558f73b7110c6fab9006ad62634

    SHA256

    2dd8a708c592d74ea2811334cb50b3b2a2a54f391f938befef64cff77952259e

    SHA512

    ff42532f2d99b4dab609fa44e3ed62d5abdedc29d211cb402e0bf2462e22bce0b6909a7378cc065b853217c5b0ae3ecb9953f21f58779faced2ff9df0e50c801

    Download Submit