Overview

overview

8

Static

static

3

LoggingPlatform.dll

windows7-x64

7

LoggingPlatform.dll

windows10-2004-x64

7

Setup.exe

windows7-x64

7

Setup.exe

windows10-2004-x64

7

UpdateRing...gs.dll

windows7-x64

7

UpdateRing...gs.dll

windows10-2004-x64

7

de-DE.dll

windows7-x64

1

de-DE.dll

windows10-2004-x64

1

msvcp140.dll

windows7-x64

3

msvcp140.dll

windows10-2004-x64

3

vcruntime140.dll

windows7-x64

1

vcruntime140.dll

windows10-2004-x64

3

wtsapi32.dll

windows7-x64

7

wtsapi32.dll

windows10-2004-x64

7

out.iso

windows7-x64

1

out.iso

windows10-2004-x64

1

Screenshots.lnk

windows7-x64

4

Screenshots.lnk

windows10-2004-x64

7

__TEMP/Log...rm.dll

windows7-x64

7

__TEMP/Log...rm.dll

windows10-2004-x64

7

__TEMP/Mic...nt.exe

windows7-x64

7

__TEMP/Mic...nt.exe

windows10-2004-x64

7

__TEMP/msvcp140.dll

windows7-x64

1

__TEMP/msvcp140.dll

windows10-2004-x64

1

__TEMP/update.dll

windows7-x64

8

__TEMP/update.dll

windows10-2004-x64

1

__TEMP/vcr...40.dll

windows7-x64

1

__TEMP/vcr...40.dll

windows10-2004-x64

1

__TEMP/vcr..._1.dll

windows7-x64

1

__TEMP/vcr..._1.dll

windows10-2004-x64

1

__TEMP/wtsapi32.dll

windows7-x64

7

__TEMP/wtsapi32.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-03-2024 08:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    __TEMP/Microsoft.SharePoint.NativeMessagingClient.exe

  • Size

    32KB

  • MD5

    77c7af9eb3159f9d5ae6e62289451683

  • SHA1

    679b02270b6afc50251444e2ee7455d4472bb3b8

  • SHA256

    e984d9085ae1b1b0849199d883d05efbccc92242b1546aeca8afd4b1868c54f5

  • SHA512

    ead2e8d1a0107bd797862775c0017bf6171612750df6b8b42afbe841ec68d23d362c2cd2721aba92c19c35334c4f0ce126e849cb9923f99d778972ef1ffb3191

  • SSDEEP

    384:bnVVzYPO52p9X4kIEp1EKlLme0kVk0HH9X43W7u4whBWuOE8d0z5qslGsfTlj:DVVzYWqlpHlSvn0HHN4dEVsj

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\__TEMP\Microsoft.SharePoint.NativeMessagingClient.exe
    "C:\Users\Admin\AppData\Local\Temp\__TEMP\Microsoft.SharePoint.NativeMessagingClient.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\Microsoft.SharePoint.NativeMessagingClient.exe
      "C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\Microsoft.SharePoint.NativeMessagingClient.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4588

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\LoggingPlatform.DLL
    Filesize

    603KB

    MD5

    6c080b38918928b7154f5df346cbf12e

    SHA1

    fb5d9e15d23d80d014da6a29b2460da29fdfd1bb

    SHA256

    56ac00856b19b41bc388ecf749eb4651369e7ced0529e9bf422284070de457b6

    SHA512

    766d556ef60dd1c299d021b1579bf76614f95f469799040a541a938fc5d1e144fc7dfba59fe2526650df47593808fcbffed03e53e3bdcbca8ef1a3fd0e2134a5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\Microsoft.SharePoint.NativeMessagingClient.exe
    Filesize

    32KB

    MD5

    77c7af9eb3159f9d5ae6e62289451683

    SHA1

    679b02270b6afc50251444e2ee7455d4472bb3b8

    SHA256

    e984d9085ae1b1b0849199d883d05efbccc92242b1546aeca8afd4b1868c54f5

    SHA512

    ead2e8d1a0107bd797862775c0017bf6171612750df6b8b42afbe841ec68d23d362c2cd2721aba92c19c35334c4f0ce126e849cb9923f99d778972ef1ffb3191

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\VCRUNTIME140.dll
    Filesize

    94KB

    MD5

    ec4109f025f2d664fec3b106ed9afae2

    SHA1

    0da547e4ba570a5adfae647ed1b5bee65751eac0

    SHA256

    22017c9b022e6f2560fee7d544a83ea9e3d85abee367f2f20b3b0448691fe2d4

    SHA512

    923b7607c33f1b88728aa5689b57b7a85fb85896794a10820aec42a4a39f9c685cbab814e256e2aae89890e0a590da301ea9deed68cfe7644b3cfeffda9bd2fa

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\msvcp140.dll
    Filesize

    551KB

    MD5

    e0d7fbc2cbe2ed088725d4436d69e689

    SHA1

    72c4c13e710311cbd2824eab6543f0e088a84f5f

    SHA256

    dad53a78662707d182cdb230e999ef6effc0b259def31c196c51cc3e8c42a9b8

    SHA512

    dfa761e57950d0033e9404ce7d0cf002345e596a9257e319226a5296c0d39b2203167b9ca4f4ed4860c8c47f591be34e1ccbc2e9e7db2ea4577e031120ef7dec

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\vcruntime140_1.dll
    Filesize

    35KB

    MD5

    77f839bfbb6aff750d962bfc35de15ee

    SHA1

    f826650c8da7453249013c9fa6ad5db103769021

    SHA256

    1f26e0435628959ba26d194a4f9c96d20929d3dba48277751796f863cd3d9b99

    SHA512

    6aa2bf4a3f345b8c762a88250c1c39535312cdb20d398c9dae22e447dca6c862e1b50045092bc3f901b0f5e068a6eba6f35befdd385d153c459f3e058c288673

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\SharepointFiles\wtsapi32.dll
    Filesize

    400KB

    MD5

    01cbaddd7a269521bf7b80f4a9a1982f

    SHA1

    cb5f9111abc6c74f507fd6a6c3c6608279105177

    SHA256

    ae99ef9475cf553e3396419f08faec8b7965cb1fdd2f08d42dd190e376c445e0

    SHA512

    bd896a2e7848b65c1e90772b1f2729df7a7290969831e09e11c99071feb009dbd35de26dccde4ce025249be1f15c1171e82f34b96c58d620ec94ece2e702aa30

    Download Submit