Overview

overview

7

Static

static

3

mingw-w64-install.exe

windows7-x64

7

mingw-w64-install.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2024 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mingw-w64-install.exe

  • Size

    937KB

  • MD5

    9670c3701f0b546ca63a3e6d7749e59e

  • SHA1

    224af96ce7b76c4d27c8d44061b1bf633cdd4eb1

  • SHA256

    19b9a267a5b79913bf6a3a53cda83c3f7711cb6c879d48ccb97b4ed15c21fcf1

  • SHA512

    4a7376d1a0913ed649f2ec54121acf86c03aa42c4a8c1fbbca85a35097baa282940399dcb6a7fe7f9401c8215787116a9a8d4f426f05a85644099a334be4ac87

  • SSDEEP

    24576:QQ9odX6E2ccOgz/HVdwpCdgyB7UqI5BuKmQn2:QQG6E2cRM/EpAgyWqI5BuKk

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mingw-w64-install.exe
    "C:\Users\Admin\AppData\Local\Temp\mingw-w64-install.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3284
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deldll.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:956
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 2 -w 1000 127.0.0.1
        3⤵
        • Runs ping.exe
        PID:1364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\deldll.bat
    Filesize

    200B

    MD5

    ea190ef9b139757a890cd48bdd44b0ee

    SHA1

    95c684e41bf7919408816aafab881621fface202

    SHA256

    9131de0fcaaf968896af9d58b6f37b4aa443455bb97c97bc142f295cee577bc4

    SHA512

    22802ffc1965c8e27f799ee88e3fa46debb316c27507a570b0812bc5de0d59a9c2a2105b8cc204851b3c29984ef1dfb7842131819952b185b7e4325a032fb6ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gentee32\7zci.dll
    Filesize

    78KB

    MD5

    af3801f29002d8fa68ed44e0c7c4182d

    SHA1

    0c2566466fedda91ddb9460cd192cc16b9cb38bc

    SHA256

    65f7a03ab6775e08a89c595486ebe18e7ebf61705103a251f1bd5272956a3720

    SHA512

    ad27047fed24c0b1c02f0d9b922f53d982390bbe6d01812c68e972784c5652badadc7f4b929e2f6f8ec21709ac7bb132928aa02c556bd72442c04609fed4449c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gentee32\guig.dll
    Filesize

    20KB

    MD5

    d3f8c0334c19198a109e44d074dac5fd

    SHA1

    167716989a62b25e9fcf8e20d78e390a52e12077

    SHA256

    005c251c21d6a5ba1c3281e7b9f3b4f684d007e0c3486b34a545bb370d8420aa

    SHA512

    9c890e0af5b20ce9db4284e726ec0b05b2a9f18b909fb8e595edf3348a8f0d07d5238d85446a09e72e4faa2e2875beb52742d312e5163f48df4072b982801b51

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gentee32\libeay32.dll
    Filesize

    1.3MB

    MD5

    246c1aa481fa369115e6f7bb1e460ced

    SHA1

    5a0f33c471005f71aa05967e2fcf04c9fbb2c0d2

    SHA256

    0c43b5100dd5823a163a385f020af9eb3eea53b5f78dae4f03f2ff0a24535c5c

    SHA512

    d1335c3376ee48fc6326b8a2f9fe869e6bb654611a3413980d232d1be186cb3f9a13b8a6c0431e1a61de74d630dd23531c6977e64115d06150bbb660e8f4095c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gentee32\ssleay32.dll
    Filesize

    327KB

    MD5

    cd850e46537054218d53ebe74a896500

    SHA1

    f981a656060f7f49dcb0f4855cccfeb26f96705d

    SHA256

    3275b53a5f3a39aa9348accd4b5f488a243f69c739a63fe34e947ce321be903d

    SHA512

    7c67cd6353ff15ef0668599fda3d9964537bd1937ed5488e34549fb0e2db1957a9f4c92672e84c1a181fdb24b69ac70d05841f20fba5f0e5ae6e40e4b15f5fb3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\genteert.dll
    Filesize

    60KB

    MD5

    6ce814fd1ad7ae07a9e462c26b3a0f69

    SHA1

    15f440c2a8498a4efe2d9ba0c6268fab4fb8e0a7

    SHA256

    54c0da1735bb1cb02b60c321de938488345f8d1d26bf389c8cb2acad5d01b831

    SHA512

    e5cff6bcb063635e5193209b94a9b2f5465f1c82394f23f50bd30bf0a2b117b209f5fca5aa10a7912a94ad88711dcd490aa528a7202f09490acd96cd640a3556

    Download Submit

  • memory/3284-18-0x0000000002220000-0x000000000223A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3284-26-0x0000000003300000-0x0000000003301000-memory.dmp

    Filesize

    4KB

    Download