Overview

overview

7

Static

static

3

Xilisoft.P....1.exe

windows7-x64

1

Xilisoft.P....1.exe

windows10-2004-x64

1

x-dvd-ripp...um.exe

windows7-x64

7

x-dvd-ripp...um.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PROGRAM_F...in.dll

windows7-x64

1

$PROGRAM_F...in.dll

windows10-2004-x64

1

$PROGRAM_F...n2.dll

windows7-x64

1

$PROGRAM_F...n2.dll

windows10-2004-x64

1

$PROGRAM_F...n3.dll

windows7-x64

1

$PROGRAM_F...n3.dll

windows10-2004-x64

1

$PROGRAM_F...n4.dll

windows7-x64

1

$PROGRAM_F...n4.dll

windows10-2004-x64

1

$PROGRAM_F...n5.dll

windows7-x64

1

$PROGRAM_F...n5.dll

windows10-2004-x64

1

$PROGRAM_F...eo.dll

windows7-x64

1

$PROGRAM_F...eo.dll

windows10-2004-x64

1

$PROGRAM_F...ed.dll

windows7-x64

1

$PROGRAM_F...ed.dll

windows10-2004-x64

1

$PROGRAM_F...eo.dll

windows7-x64

1

$PROGRAM_F...eo.dll

windows10-2004-x64

1

$PROGRAM_F...o4.dll

windows7-x64

1

$PROGRAM_F...o4.dll

windows10-2004-x64

1

$PROGRAM_F...qc.dll

windows7-x64

1

$PROGRAM_F...qc.dll

windows10-2004-x64

1

$PROGRAM_F...cx.dll

windows7-x64

1

$PROGRAM_F...cx.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x-dvd-ripper-platinum.exe

  • Size

    14.2MB

  • MD5

    5617ec67ad5b86e8a4acca3e96fe678b

  • SHA1

    05630304963ed0512ffedf3089035a5505e4d362

  • SHA256

    290189853e47da1ecee6ff62a215a2d517267ba4ff7b03854c45c46c9f5489cd

  • SHA512

    2bedb391cad7f00ab2a2e77a14c2325ada3cc06296588e0db4212a5478aee28db5f76bd7e1220cf651f515e76dfee3f15241c638eb9f46f7dee2f439d9ae7386

  • SSDEEP

    393216:dMSDPZtjlv5jIKQ8EJxC1V9ApCPdvSYImaqE:2SDLhRjnO0ypUvOmRE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x-dvd-ripper-platinum.exe
    "C:\Users\Admin\AppData\Local\Temp\x-dvd-ripper-platinum.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsd2E43.tmp\LangDLL.dll
    Filesize

    4KB

    MD5

    68a2bc20e9033d7d592c0e3db9b1c9a7

    SHA1

    48f32201f29d897164f4328b3358cca659262597

    SHA256

    7b5874ea96afe034b0d8a529ced3e97e12d712e9d1d2cb591b82bbce59105db3

    SHA512

    52283afd58e88b43364c99652cb3d94e8f59dba223aa3c2f5a858e6baf108bfcf99283a7e1f09728bf293f255077620b9a025bbf3ac09d4b22c7b37ea023e648

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd2E43.tmp\System.dll
    Filesize

    9KB

    MD5

    f3f4da651834fa4044ac1f0b52e23648

    SHA1

    868e93b5a840f21acb37eae4f934fa3cdf49412e

    SHA256

    0666031824869382068c7930620a3047e8df762c348d121d03c257efda2b2ee9

    SHA512

    10c0d78f0888ab2b5877b25eaded6a645458470573b5fdbe7bdd7dff7d01cf00827fcf0cab80d24ef8e3ddda444fa92c29e8e59f68ee6f4213d4d56d54dc228a

    Download Submit