Overview

overview

7

Static

static

3

bec3b733bf...00.exe

windows7-x64

7

bec3b733bf...00.exe

windows10-2004-x64

7

$0/scanquery.dll

windows7-x64

1

$0/scanquery.dll

windows10-2004-x64

1

$0/scanquery.exe

windows7-x64

3

$0/scanquery.exe

windows10-2004-x64

3

$0/uninstall.exe

windows7-x64

7

$0/uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bec3b733bf1a940a8ae079f1161b9500.exe

  • Size

    699KB

  • MD5

    bec3b733bf1a940a8ae079f1161b9500

  • SHA1

    1bf4f403621072bc58b693a8b7ee9a002aee2f5b

  • SHA256

    42d165d91eb4e6994afb93300dec7e725a66b1594e5ff574e9f2584d287a210b

  • SHA512

    2f0c411ec3af1903abf2171ab5090e1145837678271169e5a49757a380e5b2be2107f0b1c4f9ace60fb61c49995f391e106edb883ee9c43c1767d49028336ee6

  • SSDEEP

    12288:pRtnqQHzV0SKwKAMQNffgt/Ju0YDLDHDKrxqYZQpZyo/R:pjnPHRZKwZfIlYvDW9dcyW

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\bec3b733bf1a940a8ae079f1161b9500.exe
    "C:\Users\Admin\AppData\Local\Temp\bec3b733bf1a940a8ae079f1161b9500.exe"
    1⤵
    • Loads dropped DLL
    PID:548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsa2D9A.tmp\InstallOptions.dll
    Filesize

    13KB

    MD5

    d765c492c21689e3d9d61634371fd861

    SHA1

    ac200933671ae52c9d5544d0e2e8e9144d286c83

    SHA256

    551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    SHA512

    9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa2D9A.tmp\System.dll
    Filesize

    10KB

    MD5

    fe24766ba314f620d57d0cf7339103c0

    SHA1

    8641545f03f03ff07485d6ec4d7b41cbb898c269

    SHA256

    802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    SHA512

    60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa2D9A.tmp\ioSpecial.ini
    Filesize

    750B

    MD5

    069701ad20d66236a55cd76419e652b9

    SHA1

    3a8b3545906360dbfbf5b3df6a4b3dc4404f0d9b

    SHA256

    ec855f2ee2138907054573c8ac428b961c386fda34c672acbc514da50069cf7a

    SHA512

    160a858bfa14c63b733f15ef087f869469ef8749f57f4692fa62947b0295e3b7251c064a4e34d7c58cd9dfedc349a6d8da89de5af92921e71611308aa8f6cc84

    Download Submit