Overview

overview

7

Static

static

3

PremiumBoo...ll.exe

windows7-x64

7

PremiumBoo...ll.exe

windows10-2004-x64

7

$(LSTR_82).exe

windows7-x64

7

$(LSTR_82).exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Elcor Soft...ge.url

windows7-x64

1

Elcor Soft...ge.url

windows10-2004-x64

1

GPremiumBooster.pdf

windows7-x64

1

GPremiumBooster.pdf

windows10-2004-x64

1

Premium Bo...ge.url

windows7-x64

1

Premium Bo...ge.url

windows10-2004-x64

1

PremiumBooster.chm

windows7-x64

1

PremiumBooster.chm

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-02-2024 05:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $(LSTR_82).exe

  • Size

    462KB

  • MD5

    afb9fc159d0d1d13f58401a8fc86215d

  • SHA1

    f79498859b450a36007b6e3ffa05bf6a12fbad0c

  • SHA256

    2a5860795ae19f2b3f4027d1e1fcf70ac4fca07169c4ba014f9ded2c132db4d2

  • SHA512

    1e4939f719dcf154993d6143ee87ca1bd8a9550c683ea3e6b3180695ec3ae5e1e9a3308cbd75191417dbbd9eb57504db1c838d57e260215df2d65623bc31b2cb

  • SSDEEP

    3072:RNyah0mJYIyUlgE5UQ3MHJL10j68+zFgE7s6u15LUPFg0z23k3De/IjnSbuPeI16:Rwyl7eQ3C5xPFgPa/wTxWW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$(LSTR_82).exe
    "C:\Users\Admin\AppData\Local\Temp\$(LSTR_82).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd6803.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    efc45bb93d44b05c9b4ab8f7ba367f34

    SHA1

    22aea2c2236532ecbe66f54d439e161eba2ca2ae

    SHA256

    d4192b8ed924e4a7706f36a411242392e5292e522698122ebb396dcc94e29750

    SHA512

    04ff1141e9d0114658d237657b988f800d254f15e5c7158d194c015b848d6b1997d5d2d0bebe366c33b772d2abe80678510f8d7f2aa76ebe06f49bc5011642db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    462KB

    MD5

    afb9fc159d0d1d13f58401a8fc86215d

    SHA1

    f79498859b450a36007b6e3ffa05bf6a12fbad0c

    SHA256

    2a5860795ae19f2b3f4027d1e1fcf70ac4fca07169c4ba014f9ded2c132db4d2

    SHA512

    1e4939f719dcf154993d6143ee87ca1bd8a9550c683ea3e6b3180695ec3ae5e1e9a3308cbd75191417dbbd9eb57504db1c838d57e260215df2d65623bc31b2cb

    Download Submit