Overview

overview

6

Static

static

3

windows.10...up.exe

windows7-x64

6

windows.10...up.exe

windows10-2004-x64

6

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDIR/audio.ini

windows7-x64

1

$PLUGINSDIR/audio.ini

windows10-2004-x64

1

$PLUGINSDI...sc.dll

windows7-x64

3

$PLUGINSDI...sc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDIR/video.ini

windows7-x64

1

$PLUGINSDIR/video.ini

windows10-2004-x64

1

$PLUGINSDI...re.ini

windows7-x64

1

$PLUGINSDI...re.ini

windows10-2004-x64

1

$SYSDIR/Codecs/$0.dll

windows7-x64

1

$SYSDIR/Codecs/$0.dll

windows10-2004-x64

1

$SYSDIR/Co...Up.exe

windows7-x64

3

$SYSDIR/Co...Up.exe

windows10-2004-x64

3

$SYSDIR/Co...64.exe

windows7-x64

4

$SYSDIR/Co...64.exe

windows10-2004-x64

4

$SYSDIR/Co...47.dll

windows7-x64

3

$SYSDIR/Co...47.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2024 08:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    windows.10.codec.pack.v2.2.0.setup.exe

  • Size

    45.5MB

  • MD5

    908ea32c938f24669728a7c026a6552b

  • SHA1

    2695b6cd468636b09c1495a86a69ce4f56203a0c

  • SHA256

    435506cbe66bebdfdf9a2a94b1e8f483fdf108ab308129a6eb8dfd56a8bc77bc

  • SHA512

    342281df3e8823dbca8231335c17d76fbc4d0ba35a97c2d777d11c9ca33b86e689ef54c86aebbbec50a6f499b7232c4d56406f0471cce666a74203bfe95e710e

  • SSDEEP

    786432:Zbe52lsoZacQr5el64WTdDUCpGnSlyXMs8AdIqCmF3kdPEcOKbBhscBpw4yTie6d:ZbpHZac09DtpI7XMvmIqoPppw4yees

Score
6/10
discovery

Malware Config

Signatures

  • Checks for any installed AV software in registry 1 TTPs 2 IoCs
  • Downloads MZ/PE file
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\windows.10.codec.pack.v2.2.0.setup.exe
    "C:\Users\Admin\AppData\Local\Temp\windows.10.codec.pack.v2.2.0.setup.exe"
    1⤵
    • Checks for any installed AV software in registry
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsk473C.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    2a03c4a7ac5ee5e0e0a683949f70971b

    SHA1

    3bd9877caaea4804c0400420494ad1143179dcec

    SHA256

    d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

    SHA512

    1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk473C.tmp\System.dll
    Filesize

    11KB

    MD5

    6f5257c0b8c0ef4d440f4f4fce85fb1b

    SHA1

    b6ac111dfb0d1fc75ad09c56bde7830232395785

    SHA256

    b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1

    SHA512

    a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk473C.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    8ef0e4eb7c89cdd2b552de746f5e2a53

    SHA1

    820f681e7cec409a02b194a487d1c8af1038acf0

    SHA256

    41293b9f6588e0fbdc8fcf2a9bd8e2b244cd5ff038fc13033378da337219c9dc

    SHA512

    a68533e8a19637d0d44219549b24baba0dc4824424842f125600fda3edcafc4bb6bb340d57a00815f262d82373b440d58d6e4e5b2ceb29bb3f6bc4cbde66c3c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk473C.tmp\easy.ini
    Filesize

    1KB

    MD5

    b5e41bcf121a9b7da0270aa35b0f5852

    SHA1

    d7a26cf9ced03c846ec7215d03afeb5a7d817a2f

    SHA256

    8a4db2d2506afed771c8288e399422cca4d515864f327d94e6329500a5a5f256

    SHA512

    1b92c9162dc30e1f3965021f6b8c13ec310d47aa1ade5098d1acc3506d04a842ade9d8cbf31bbd42c92561779bae59b72b137f2eb1ee43afc5176c87da94a402

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk473C.tmp\easy.ini
    Filesize

    1KB

    MD5

    43a1a5ee65d2828841781b6b403f3a64

    SHA1

    5a3636e0aae2199f56d2b57beb2c787b92dd045c

    SHA256

    4efdbf5ca7b648390c5d1cbf21ea6f67061a235dc54700b30c7aa321eeb037ce

    SHA512

    9dea293900ab699e93ab0d40fda09ef95f03af1e6272ea07561b6755fbe81a0d692d2f7ec0385b3bc7ac6a667644322cdcd3770afcf0e0c7b8966b58d82accbb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk473C.tmp\nsb56BE.tmp
    Filesize

    30KB

    MD5

    1bc3c1608ac94cf3fb4575dc96610fe0

    SHA1

    02a953629b0e272d8a9bbf5dacbb03402853bc8a

    SHA256

    64f426601f824c9ec361755cb157d5f80499b8bbf4a29455bfca1fb65f2aae5c

    SHA512

    63881bcdf359f22de1a7582d943ec241ab2fe32fd68e202befd940c4e2ee86092797bc2de4514685d122235465fcc992cb0b5c1b9899869f9ca5840bcd8bec05

    Download Submit

  • memory/3428-37-0x0000000007B90000-0x0000000007C22000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3428-36-0x00000000075D0000-0x0000000007B74000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3428-35-0x00000000736F0000-0x0000000073EA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3428-38-0x00000000085D0000-0x0000000008614000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3428-39-0x0000000008620000-0x00000000086BC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3428-40-0x00000000086C0000-0x0000000008726000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3428-41-0x0000000008780000-0x0000000008CAC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3428-34-0x0000000073F90000-0x0000000073FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3428-33-0x0000000005270000-0x0000000005280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3428-29-0x00000000054C0000-0x00000000054D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3428-249-0x00000000054C0000-0x00000000054D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3428-250-0x00000000736F0000-0x0000000073EA0000-memory.dmp

    Filesize

    7.7MB

    Download