Overview

overview

7

Static

static

3

b54ba0289a...7b.exe

windows7-x64

7

b54ba0289a...7b.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

MessengerDetect.exe

windows7-x64

1

MessengerDetect.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

WinPcap_4_0_2.exe

windows7-x64

7

WinPcap_4_0_2.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/nsWeb.dll

windows7-x64

3

$PLUGINSDIR/nsWeb.dll

windows10-2004-x64

3

$SYSDIR/Packet.dll

windows7-x64

1

$SYSDIR/Packet.dll

windows10-2004-x64

1

$SYSDIR/WanPacket.dll

windows7-x64

1

$SYSDIR/WanPacket.dll

windows10-2004-x64

1

$SYSDIR/pthreadVC.dll

windows7-x64

1

$SYSDIR/pthreadVC.dll

windows10-2004-x64

1

$SYSDIR/wpcap.dll

windows7-x64

1

$SYSDIR/wpcap.dll

windows10-2004-x64

1

$TEMP/CACE_Banner.htm

windows7-x64

1

$TEMP/CACE_Banner.htm

windows10-2004-x64

1

WinPcapInstall.dll

windows7-x64

1

WinPcapInstall.dll

windows10-2004-x64

3

rpcapd.exe

windows7-x64

1

rpcapd.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b54ba0289ad4be407c8408daa589a67b.exe

  • Size

    1.4MB

  • MD5

    b54ba0289ad4be407c8408daa589a67b

  • SHA1

    cbe96c45a85b399ebe53f3ac795f0d12b4ce5bf3

  • SHA256

    7dd95b056f85ca768c5464e1ef28d62374d1ddafce38c7e70f8ae8a4f2e76a1e

  • SHA512

    190ce713947db04052fc7c2769b16539a4cccda01a58fdab7129469b225f4cd398cf54bfd42cf48b44c062083800f1724a8f6c0eb495a7f22e3e1d682e51cc97

  • SSDEEP

    24576:LNSzrDmUStRlnSMcSF6Rzxc1l3inWwBPo1gYPMSnVuqFnRtJ63diKCVoN20a5:pSLSxnSMcSIRy3YBPuMgztk3dgOc0a5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b54ba0289ad4be407c8408daa589a67b.exe
    "C:\Users\Admin\AppData\Local\Temp\b54ba0289ad4be407c8408daa589a67b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nstC32.tmp\ioSpecial.ini
    Filesize

    699B

    MD5

    232d5058ba0ee1c2e982038147d1b5c1

    SHA1

    746a0029ada9b69687e3c30c89718bc3489d0d3e

    SHA256

    3656f01c6e71cfe5e01ebc3753b7852eab0b40310110c1c73fca2ba5da11deea

    SHA512

    793429f1680a68389833c0fd371b1bfd152264ea0bc3b0f6a18405add77cc6788c49fc7b26f035428997d0420ed2a4e6d8b7d69c99123d9f1b83371957082f3f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstC32.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    3809b1424d53ccb427c88cabab8b5f94

    SHA1

    bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

    SHA256

    426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

    SHA512

    626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

    Download Submit