Resubmissions

21-02-2024 19:59

240221-yqmsbafb69 10

27-02-2023 15:10

230227-sj843seb89 1

27-06-2021 20:55

210627-2nsmat5hex 10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-02-2024 19:59

General

  • Target

    d_nas_x86.out

  • Size

    1.9MB

  • MD5

    29efe5693da727cdca8c637d343b07cd

  • SHA1

    a5ee4e8a413ea03639721f31de5f42d4b0968039

  • SHA256

    51fe57795105eb1e618d35bd99fcc096ee3687455cd4e330396c0d701bc3a6a1

  • SHA512

    5f19057919b4018114fcb58e0d848960acbf26d461077a85a935b64e7ec161f45047e6dc6c4664058b36902bc39b297c292eb8af2557dddd5bbdfdc975e6f377

  • SSDEEP

    49152:Emsq5TJqKK8XhjTyUCWU1pWmUYkfhtpmXNb:EmswTJqURIUtfhtoB

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\d_nas_x86.out
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\d_nas_x86.out
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d_nas_x86.out"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2568
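
The process tree above is the part of this report worth reading carefully: cmd.exe tried to start d_nas_x86.out, Windows had no handler registered for the .out extension, so the shell fell back to rundll32.exe shell32.dll,OpenAs_RunDLL (the "Open With" dialog), which in turn launched AcroRd32.exe on the file. Every signature listed under rundll32.exe and AcroRd32.exe (registry class change, SetWindowsHookEx, GetForegroundWindowSpam) is therefore handler-application behaviour, not the sample's, and the 3/10 score reflects a run in which the target was never executed. The following is an added triage helper, not part of the sandbox report or its tooling, that detects that pattern in a process list; the process records are constructed inline from the PIDs and command lines shown above, and the second (direct-launch) record set is a hypothetical counterexample.

```python
"""Added example: flag sandbox runs where the 'Open With' fallback, not the
sample, produced the observed behaviour.

Process records are constructed from the report's Processes section; the
second record set (PROCS_DIRECT) is a hypothetical run in which the sample
was launched directly, for comparison.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    ppid: Optional[int]
    signatures: List[str] = field(default_factory=list)


# Constructed from the report's process tree (PIDs 1736 -> 2560 -> 2568).
PROCS = [
    Proc(1736, r"C:\Windows\system32\cmd.exe",
         r"cmd /c C:\Users\Admin\AppData\Local\Temp\d_nas_x86.out", None,
         ["Suspicious use of WriteProcessMemory"]),
    Proc(2560, r"C:\Windows\system32\rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
         r"C:\Users\Admin\AppData\Local\Temp\d_nas_x86.out",
         1736, ["Modifies registry class", "Suspicious use of WriteProcessMemory"]),
    Proc(2568, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
         r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
         r'"C:\Users\Admin\AppData\Local\Temp\d_nas_x86.out"',
         2560, ["Suspicious behavior: GetForegroundWindowSpam",
                "Suspicious use of SetWindowsHookEx"]),
]

# Hypothetical comparison run (not from the report): cmd.exe starts a PE directly.
PROCS_DIRECT = [
    Proc(1000, r"C:\Windows\system32\cmd.exe",
         r"cmd /c C:\Users\Admin\AppData\Local\Temp\sample.exe", None, []),
    Proc(1001, r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
         r"C:\Users\Admin\AppData\Local\Temp\sample.exe", 1000,
         ["Suspicious use of WriteProcessMemory"]),
]

# shell32!OpenAs_RunDLL is the export behind the 'Open With' dialog; the
# argument after it is the file Windows could not find a handler for.
OPENAS_RE = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL\s+(?P<target>.+)$", re.IGNORECASE)


def find_openas(procs: List[Proc]):
    """Return (rundll32 process, target path) pairs where the Open With dialog ran."""
    hits = []
    for p in procs:
        if not p.image.lower().endswith("rundll32.exe"):
            continue
        m = OPENAS_RE.search(p.cmdline)
        if m:
            hits.append((p, m.group("target").strip().strip('"')))
    return hits


def descendants(procs: List[Proc], root_pid: int) -> List[Proc]:
    """All processes below root_pid in the tree, parents before children."""
    by_parent: Dict[Optional[int], List[Proc]] = {}
    for p in procs:
        by_parent.setdefault(p.ppid, []).append(p)
    out, stack = [], list(by_parent.get(root_pid, []))
    while stack:
        p = stack.pop()
        out.append(p)
        stack.extend(by_parent.get(p.pid, []))
    return out


def triage(procs: List[Proc]) -> dict:
    """Decide whether the sample ran or a handler application opened it.

    When OpenAs_RunDLL is present, the signatures of everything spawned under
    that rundll32.exe are re-attributed to the handler application so they
    are not read as the sample's own behaviour.
    """
    verdict = {"sample_executed": True, "target": None,
               "handler": None, "handler_signatures": []}
    for rundll, target in find_openas(procs):
        verdict["sample_executed"] = False
        verdict["target"] = target
        kids = descendants(procs, rundll.pid)
        if kids:
            verdict["handler"] = kids[0].image
            for k in kids:
                verdict["handler_signatures"].extend(k.signatures)
    return verdict


if __name__ == "__main__":
    for name, plist in (("report", PROCS), ("direct launch", PROCS_DIRECT)):
        print(name, triage(plist))
```

In practice the same check belongs in the submission step rather than after the fact: a sample whose extension has no handler on the chosen image, or whose file format the image cannot execute at all, should be resubmitted on a matching platform instead of being scored on the behaviour of whichever application the Open With dialog happened to pick.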

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    f749ac544a0d2e3df7ecb32b509d3cca

    SHA1

    d714f5950fac51a15f584d1500fc2c4c4684a5f3

    SHA256

    db6a9110d6f6ac21a71dbd191405a73b7a9a2be2222e0b4f123128de7adfaff0

    SHA512

    1256d8e51c0bce949046c1598883460bb79d604937827759145770057a43e6b5bde409ee7d719baa22752bd7156a0db9fdbc7aa38109c2d621163d80875da5c2