Overview

overview

7

Static

static

3

bd233208f1...b3.exe

windows7-x64

7

bd233208f1...b3.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

Extensions...64.dll

windows7-x64

1

Extensions...64.dll

windows10-2004-x64

1

Extensions...ip.dll

windows7-x64

1

Extensions...ip.dll

windows10-2004-x64

1

Extensions...TP.dll

windows7-x64

1

Extensions...TP.dll

windows10-2004-x64

1

Extensions...le.dll

windows7-x64

1

Extensions...le.dll

windows10-2004-x64

1

Extensions...AR.dll

windows7-x64

1

Extensions...AR.dll

windows10-2004-x64

1

Extensions...ry.dll

windows7-x64

1

Extensions...ry.dll

windows10-2004-x64

1

Extensions...ls.dll

windows7-x64

1

Extensions...ls.dll

windows10-2004-x64

1

Extensions...or.dll

windows7-x64

1

Extensions...or.dll

windows10-2004-x64

1

Extensions...in.dll

windows7-x64

1

Extensions...in.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2024 23:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd233208f1839c8f352f97de36b36bb3.exe

  • Size

    6.5MB

  • MD5

    bd233208f1839c8f352f97de36b36bb3

  • SHA1

    2d4080d0fa4176dda7d9ca7d985e2956aaf65a93

  • SHA256

    630a76310508c5aa4cde07bd19374129306618751e71301673af4b77e8daec77

  • SHA512

    e2a614d4f65c5c37cdf871c40bad95fdfd6997dbfb1281ab5340f1eab909cf5a42fd3330a449617d2743219d476650bd2475cc5d31c0ebd2f1b30cea5c31b8b7

  • SSDEEP

    196608:HvOr8+kIIFthsGUNJdNZ/mAvKf6GZhk547:G8utfdNZ/m43Ik5o

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd233208f1839c8f352f97de36b36bb3.exe
    "C:\Users\Admin\AppData\Local\Temp\bd233208f1839c8f352f97de36b36bb3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1096

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst9770.tmp\ioSpecial.ini
    Filesize

    741B

    MD5

    8b446926f6e05269d36497f687f9b5cf

    SHA1

    c30f57310f72811b4eddbfd0f407b7ad92d5364b

    SHA256

    10b34da11075c74e241b747e37e9ca306213cfe6d9eab804ca4dfcc56f8342b4

    SHA512

    721cf8a41cf132e24a311d051e58b617d16b413e5f8d9ec718fd6d0b7baf97274acccc13a5818159973ca4535fcc2b1b4b8148609f5b47ad03f2d7447eed8cc6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst9770.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst9770.tmp\registry.dll
    Filesize

    24KB

    MD5

    2b7007ed0262ca02ef69d8990815cbeb

    SHA1

    2eabe4f755213666dbbbde024a5235ddde02b47f

    SHA256

    0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    SHA512

    aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    Download Submit