Overview

overview

7

Static

static

3

HandBrake-...UI.exe

windows7-x64

4

HandBrake-...UI.exe

windows10-2004-x64

5

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...al.ini

windows10-2004-x64

1

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

HandBrake.Worker.exe

windows7-x64

1

HandBrake.Worker.exe

windows10-2004-x64

1

HandBrake.exe

windows7-x64

1

HandBrake.exe

windows10-2004-x64

7

doc/COPYING

windows7-x64

1

doc/COPYING

windows10-2004-x64

1

hb.dll

windows7-x64

1

hb.dll

windows10-2004-x64

1

portable.ini.template

windows7-x64

3

portable.ini.template

windows10-2004-x64

3

uninst.exe.nsis

windows7-x64

3

uninst.exe.nsis

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe.nsis

  • Size

    1KB

  • MD5

    2141b8e262a0f16789a1b82887dd12e9

  • SHA1

    c3b13403aa98dda3b5b77cc217cf21ef7c61b0ca

  • SHA256

    a7616bce17b4cb966aeb8db7db1d991321890a7aa1ec54eaa10c62ad153bb2b0

  • SHA512

    17a6cf392e25dd192658410e1ba1f5a112974d493141c3bbb2bed7f7f5f883c147ccf8cf3d8bbcc3df82b7e45dde2370fd85ee513241bb7199eb6d5aa4e82ba8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\uninst.exe.nsis
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\uninst.exe.nsis
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\uninst.exe.nsis"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5be87d78da6d24de4dae163747b1fa50

    SHA1

    5f9df9b2b92be8f96fd5d4f4d8a1aadd2c41baf1

    SHA256

    a76067c81d7e373bf88467649a758c120a027670b86dfc0fb29eaf01d8fcac29

    SHA512

    28800bd43a115f957ba54c76eb96a18465955573b639eb68cbe42026d8f692000c3e45154beb984d6bde17e412e9bf6f0a38e1b8df1122f1b1b9ec73ecbb97cf

    Download Submit