Overview

overview

7

Static

static

7

2ff2ba5b37...92.exe

windows7-x64

4

2ff2ba5b37...92.exe

windows10-2004-x64

4

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$_4_/TeamViewer_.exe

windows7-x64

4

$_4_/TeamViewer_.exe

windows10-2004-x64

4

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...rb.dll

windows7-x64

3

$PLUGINSDI...rb.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ay.dll

windows7-x64

7

$PLUGINSDI...ay.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-03-2024 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_4_/TeamViewer_.exe

  • Size

    36.4MB

  • MD5

    d7e105ecbedde5b3c6420b347c708040

  • SHA1

    cfb1c2804cc4e86bb736968f9ac0ac1b0461b6e7

  • SHA256

    08aa88d57a31e804674938e014c6239d7c797e1fe1cb73c346eb0aeedf26ec53

  • SHA512

    f54cacc47424d01ef344656273bc13414485a3358717168e03fc83ad517146809972639206ae42660d2d227baa3d26297adccf4dfeae39aaa02295828b29e27c

  • SSDEEP

    393216:Bh2pRAr7xamF+OBSUephoHbgdNUvjlXNh4uXzv0mCL/HLCNhlvvy3FLs4XisisYZ:eK7Ygsh2bVvjb7vq+NC3FLDiixG

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_4_\TeamViewer_.exe
    "C:\Users\Admin\AppData\Local\Temp\$_4_\TeamViewer_.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso5F90.tmp\start_unicode.ini
    Filesize

    2KB

    MD5

    0de7c812ed89b56f6bbc3b63db582ea7

    SHA1

    8524a308e839066704bdb4442698d6154949a7d8

    SHA256

    1d8918fb938af899edf7897a998d21073caa044abd16a01abceca90c918c9a9d

    SHA512

    29982a8cc9aaea6d6a47445a0dae90ccf7714e53f6adb2ee9374b8b0240f586c723e3f0ff1bcbc89a7b538961d7165ec61aae3e48dda6eb488e500bc7a03afb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso5F90.tmp\start_unicode.ini
    Filesize

    2KB

    MD5

    954d950ad9f37b960d87fdeae4bc15f9

    SHA1

    6a86387f984492f59641f107dea493fee64f649d

    SHA256

    4bbdd1e277ce1a46c7ed6711a71fc1818efed6fdc56bd07c49750c097e47e244

    SHA512

    cc36cfde83abf33d9f1d4e273c066f3f1a7aece2facde22b99a8415b51ad2c28fba875829bb10fb2c967accbd7676d235ff5b8d7b020163ae8e2f186aef5d8a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso5F90.tmp\start_unicode.ini
    Filesize

    2KB

    MD5

    bddaa786ecd0be186e4648f26c78c1e3

    SHA1

    a08e22358079799845bd28e6e9d59364eec504af

    SHA256

    feb09fb9d581bca2713ff3fe098d3396c579d09e4234140ff852bdb482f73d97

    SHA512

    d66bc2f35846e2485d27bb1a2034a053826097105272b13670cdd0037dc44e6bf3787fcc023a2a2425f81c9330d4b892656c601552403ab5258778c4d824da25

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5F90.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    033ee34c40e8fa85bf2739bcb2f3e186

    SHA1

    2ca942f35f77f37df3fc6097acac34f2e77341b7

    SHA256

    c91c1796338a265b49039c0b2c7a312d764b99e5174fb2dae455ca54f8f41ec7

    SHA512

    2204e0b8721b8d85c51bd068b1695b16ee096bfc1d1cd5843f48fd04032aeee2b6a91ce82978a4b3414f3d966ec5b36fb337a4149dae3a1d0445935d964d247f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5F90.tmp\System.dll
    Filesize

    11KB

    MD5

    0ff2d70cfdc8095ea99ca2dabbec3cd7

    SHA1

    10c51496d37cecd0e8a503a5a9bb2329d9b38116

    SHA256

    982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

    SHA512

    cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5F90.tmp\TvGetVersion.dll
    Filesize

    222KB

    MD5

    b9e0c430596b2435971079edd15d3f0c

    SHA1

    fc214c6757e3539729e42f754c6b9768fd44a942

    SHA256

    c1ec07d1faf59ecdc0c8c1cd258b2feb6d41321471a8c1b10b00100c7106bd7e

    SHA512

    93dc70fc6fcc4c0f4bc5fc5819446dc465360ef459a0be408bd07a78229f297da12d602b0667145d9716514e8f3da3582b1c4c0e3e9524e39c4a0c8fe7d4e25b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5F90.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    9b0db6a6056e8e51ac35e602aeab769f

    SHA1

    b541c6d2635141cdc3a74f59d55db8df4a92e7ac

    SHA256

    925d80c31702a95d58ede91ee97fd842de78ca6dde69156a6c1a755fba93cd5c

    SHA512

    83fe9d346835940a37e0e0a18d041c9d13fc95a0e9ece3bc18e555cf0e8e7ddf7b42dba422b1e55ace31db3c9fc807e0b44e93b8f07f5acb943eaaf77b4f0ac6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5F90.tmp\linker.dll
    Filesize

    45KB

    MD5

    4ac3f0ab2e423515ed9c575333342054

    SHA1

    a3e4f2b2135157f964d471564044b023a64f2532

    SHA256

    f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9

    SHA512

    8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

    Download Submit

  • memory/2964-255-0x00000000006A0000-0x00000000006AE000-memory.dmp

    Filesize

    56KB

    Download