5b080cc460f05a3027ba7f8a24e2054bf57f2ae6098be2dc64854da631d11861

Submit
Reports

Overview

overview

Static

static

EcoVerde-L....3.exe

windows7-x64

EcoVerde-L....3.exe

windows10-2004-x64

$PLUGINSDI...er.dll

windows7-x64

$PLUGINSDI...er.dll

windows10-2004-x64

$PLUGINSDI...ls.dll

windows7-x64

$PLUGINSDI...ls.dll

windows10-2004-x64

$PLUGINSDI...em.dll

windows7-x64

$PLUGINSDI...em.dll

windows10-2004-x64

$PLUGINSDI...ll.dll

windows7-x64

$PLUGINSDI...ll.dll

windows10-2004-x64

locales/fi.ps1

windows7-x64

locales/fi.ps1

windows10-2004-x64

locales/fr.ps1

windows7-x64

locales/fr.ps1

windows10-2004-x64

locales/gu.ps1

windows7-x64

locales/gu.ps1

windows10-2004-x64

locales/th.ps1

windows7-x64

locales/th.ps1

windows10-2004-x64

locales/zh-TW.ps1

windows7-x64

locales/zh-TW.ps1

windows10-2004-x64

resources/...dex.js

windows7-x64

resources/...dex.js

windows10-2004-x64

resources/...all.js

windows7-x64

resources/...all.js

windows10-2004-x64

resources/...all.js

windows7-x64

resources/...all.js

windows10-2004-x64

resources/...ws.dll

windows7-x64

resources/...ws.dll

windows10-2004-x64

resources/...ws.exe

windows7-x64

resources/...ws.exe

windows10-2004-x64

resources/...all.js

windows7-x64

resources/...all.js

windows10-2004-x64

Analysis

max time kernel
135s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 19:17

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EcoVerde-Launcher-Setup-1.0.3.exe

Resource

win7-20240221-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

EcoVerde-Launcher-Setup-1.0.3.exe

Resource

win10v2004-20240226-en

discovery

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/SpiderBanner.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/SpiderBanner.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

$PLUGINSDIR/StdUtils.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

$PLUGINSDIR/StdUtils.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

$PLUGINSDIR/System.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

$PLUGINSDIR/WinShell.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

$PLUGINSDIR/WinShell.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral11

Sample

locales/fi.ps1

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

locales/fi.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

locales/fr.ps1

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

locales/fr.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral15

Sample

locales/gu.ps1

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

locales/gu.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

locales/th.ps1

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

locales/th.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

locales/zh-TW.ps1

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

locales/zh-TW.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/dist/index.js

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/dist/index.js

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/dist/scripts/localinstall.js

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/dist/scripts/localinstall.js

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/dist/scripts/postinstall.js

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/dist/scripts/postinstall.js

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/query_engine-windows.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/query_engine-windows.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/schema-engine-windows.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/schema-engine-windows.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/scripts/postinstall.js

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

resources/app.asar.unpacked/node_modules/@prisma/engines/scripts/postinstall.js

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

locales/th.ps1
Size

1.0MB
MD5

7512a162ea0b65dd9477ac8c190136b9
SHA1

ae5fbce9516882a0d58da9ebee3c767c7ba4c305
SHA256

d01ecd4edecf1809d5c2133366df2502a4621e88d894817e80b913f3a0926fa4
SHA512

425fd803cd3ed9589df5d04bb8ca4b62af0e573301d31c48a1a05bf3b707a0672e1a033965946223e5873a98eb3c9d52bcdcc1296a08cb4971d0b1b6d2e95eb7
SSDEEP

12288:7UTfeN9LyZYArTJz1L/L1XPhHsbhRy1cW+v1H5UJEyL3ftj8wlz9eTRo98GkK9u4:7UTNC5y5h

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1012	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1012	powershell.exe

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\locales\th.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1012-1-0x000001C329290000-0x000001C3292B2000-memory.dmp

Filesize
136KB

Download
memory/1012-2-0x00007FFE14380000-0x00007FFE14E41000-memory.dmp

Filesize
10.8MB

Download
memory/1012-3-0x00007FFE14380000-0x00007FFE14E41000-memory.dmp

Filesize
10.8MB

Download