Analysis

  • max time kernel
    16s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/02/2024, 05:11

Errors

Reason
Machine shutdown

General

  • Target
    9ad5e1af79a62e164124c22ca3c7b7b8.exe
  • Size
    2.1MB
  • MD5
    9ad5e1af79a62e164124c22ca3c7b7b8
  • SHA1
    1e8f831fcebeed49f23c30385754a816333919cb
  • SHA256
    c38f1fcf1a2d5b1cea2d24d47afdc38ca6b27e12436b94d038e0859fa07fd2b0
  • SHA512
    2ad93a78803083be49ff51bca4b323d7e77b8704fac5746b9730eb6db19abada8e4092fd8a6889499da7839360c61a818c8476e9592e34ea4eb203cae67b8f2a
  • SSDEEP
    49152:BBf6E2IcUJWvCSvyXUhQoBjON/F247ZdTJ8u:PT2fyXUC2jQ/g47F8u

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ad5e1af79a62e164124c22ca3c7b7b8.exe
    "C:\Users\Admin\AppData\Local\Temp\9ad5e1af79a62e164124c22ca3c7b7b8.exe"
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1460
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39a4055 /state1:0x41c64e6d
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:4036

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy5053.tmp\SetupHelper.dll
    Filesize
    52KB
    MD5
    bcc0fc146ac5958fc16a2d43fdf3aaed
    SHA1
    a40ca7d638cab23a47a35386ef097372fdafeb21
    SHA256
    4d8072399ff0042a40e016de11fc762adea5b97399ebf800e7c60d3ea82be246
    SHA512
    0a363953a4b27956f6badf72d14204403bd68cb97f6189f1f384d08a284b3e460df25f5b3e23fb3bb54c6dc81428a1efbe089f6961e878bb13d208f1d9b06910
  • C:\Users\Admin\AppData\Local\Temp\nsy5053.tmp\ViseHelper.dll
    Filesize
    252KB
    MD5
    b0cd88d66cb5ba7a426277670fc72962
    SHA1
    1af9001ba6a16f8579b1b85b81e72ac26ad2954e
    SHA256
    56924ce7f365e4df121c91c61eb03a6404509e49b1556bebb480b7edf4072c7b
    SHA512
    df761bbcaa2d9fbcd3b7ca564dd1b092b9969c93d0e41f12b8e3a429bd6dd787dacbe8ce7502a5f5f49d9aa87c86880e1e77dbcc8df47a3a69b04aa6c67741aa