Overview

overview

7

Static

static

7

c17046e52f...2a.exe

windows7-x64

7

c17046e52f...2a.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DTDJ_1.exe

windows7-x64

1

DTDJ_1.exe

windows10-2004-x64

1

Game.exe

windows7-x64

1

Game.exe

windows10-2004-x64

1

RGSS102J.dll

windows7-x64

3

RGSS102J.dll

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/03/2024, 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    60KB

  • MD5

    add0197e19a8802370ac61e88e61654b

  • SHA1

    c4f00bf24bc26c2ea22b8269bcf8867eaf258255

  • SHA256

    f36d1451e5d2b1ec184f2232fcc3458935839e95bd5c103c94a0a8624f68e5d2

  • SHA512

    3ec2eff17c6b482417012e4f442c342105ac5272d1f3dd0c688234f0acf8c41b84bb33bc9a012cbc99ddd7fa57174fd8951d1156cd8ea880742e44f9b52ebc98

  • SSDEEP

    1536:VKRhoEXBpnbfRpQmJ6YRNVs1ECy3lvUyS1m:MjJ7nbppQmJ6qgEx1vE1m

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2896
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.552200.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ddbc546dd8da7ac1e4cf4bf4dd107a3

    SHA1

    c6b87f88e979a29a68e47047c2677b286be5017b

    SHA256

    218bc21e85d01ebc745bdc6336d20677ae8084e0e1c7ca807600f168880af974

    SHA512

    d1fe66d8695f73a72bf026c6bd104c1ec9ed49ace33b8c55d9136c0caeb333f6351c56663f9a79c89c94e28b9c83c57a25ef0752f8df1699647c5066cadaf07b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eee6e3b6171e391644e2f4c2a9be1fbf

    SHA1

    8a1a820d26513e38bbfaeb9e116f864150452659

    SHA256

    85a286735577edd76b2db773db1351230b2503c3ed9c384481631786e38e7a8a

    SHA512

    4751a5e9de61b672383eaaff6ad31891e52d6537c806f46dc0bbfa5af790c672d3234aaaa06fb6b527851eb27b0e797cca751bf2e64e314b9cd34c4e90af1499

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ccc264d43c7ab2c8873addb364860d2a

    SHA1

    832859f873b517f625955743c840c4f1f74af2c5

    SHA256

    f9c21be8db789322f953a17a27c767ff5b695f9295e6c2763a3a82513d9c6257

    SHA512

    ca252dc180058c1e0c528779f32d34ac49037a7a44c93daa9f96dfbfceb1d55053665f23811fbbeeb5c18a0f5608211559bc0049ec828532cdccb54776830954

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71c2f8fc07a0f5fb3a55c73e35070899

    SHA1

    ec2d247f8150d515e0d9f7fbea83851ccaafe0b9

    SHA256

    e02e1e156d18a0b99c69223fde05f3cbe915bcfae9a67b900774ef667b1431ac

    SHA512

    6df854272eb861ab6c40dfb7804f4fedf680843515da0b094f0fe0ddbcf435668addb30958bbedaff23f6b06f76559112652931897665f638cdb301a5a56275f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4e0a94cfd6f30adc9adb6960b267d30

    SHA1

    8d51872af06f206cf770d2605c7bdf7974b05fa3

    SHA256

    031fe02468ea5ed6a384d8515e41b64381edffdfd24ad95000db89235843fc35

    SHA512

    7f6b459a65a55cd4d5b9d2179d480d6267de59974c1d0e7c747a53696b00bf77507de77613db3baa64716a029315ed509f5badc86d268524f5f867967869f07a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96d430b66a8e340ad57198699afb585f

    SHA1

    76bf33a40a7b826cc2a92602888e55823a046d81

    SHA256

    4bbd7e2a74cdc0088d13daedc9f5c10d2b1ee04af747e7a81afb94ebd18e7f87

    SHA512

    592f176f1315b1ba516ebde685b23eb950f7db7771bf8c50eec14980a7b4f7468436c897a115f2c08bede4ce5cdcfe21ffd3ac5b692a4f78efb414c86e8204f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eaff57719d4221d0d80c4205146ac4ee

    SHA1

    71169fec60eb57fe59bc672086c94c58a6e704db

    SHA256

    68dbcb539c6e825da8d3c3d395030eda123fe3f55f415216a15d568addc93990

    SHA512

    65dd943834c4ede9aace87698d916cccd8cd629a75d86aa55eddb28648d8754f2e7cf554261dd0bca3e8da80488877b849b6a98d50a284d9f2f9392819ac7730

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94401b7db2c0c3f54bb32f664d530f1e

    SHA1

    85d6638b0163fb75e6d31b548a03ba031e44481f

    SHA256

    94c0fed9d82260de1eacd200d331c6459c3b2af68e738b55f50d9b589034b6ab

    SHA512

    5e4b28b073acd46280a9cebc753bfcc04247ae5859be2a6662803263bec4b2831da93d35b4d9434417bd5ef5e98deb21c6b0d4f26251e82b728c050be3d4db16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fcffcf6bf0269c45376dd0cacd4a1eee

    SHA1

    12f2728cdb217864074dfe8e1176ee944485ce58

    SHA256

    5f4dc501531168213766c8a4bcabc2ad075dd42d8cf4de589c64278976a8ec26

    SHA512

    130433561c5327bb9f38b3643c08ff5ceb1ec0cbb2032aac629dda92bec1d01248644641a26e7e0a1f572db324a1799b6040cbede70683f8a1bf69b519cd78fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    153710a48c5a710f0084e78d8a507423

    SHA1

    986ad98729cb3a5739452ac1a98b264d6652b436

    SHA256

    211ef4fd64dc1efd9a919013229028d5bff70ee6da72c3b3006fc29ba801a8b6

    SHA512

    9d263a45eec5d141a46128e7d9ead8dcc2b6a9f25aa768158e1944e5c5e2d0c8bfabaa713b3be00ded827540e1243f1d60c9680235833986e01e6cb40e6b0462

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f433a29f78186dc6be9f632b1630e8e

    SHA1

    d8c6991bc43e5230a418439699c71d3bf81e4ad5

    SHA256

    b8d107c2d98cf9f3290b34e0b83ba0cce4bc722c0e8320ec2538ee6bc6cbb479

    SHA512

    5f701d5fb42e6a9b322e4121ce4fbc1ca7724dabe80fdf4b527916b52ad899c97764ae096ccdd6e3b2aa0715c960f7d8ee3302dfd5a09abe1bd698b37020e099

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    66391826ea5af5c0c88e5c713cdcef71

    SHA1

    fec48b08c4c1f61f2bebcf8a9c5ff4c978cd1cba

    SHA256

    15e88fe3eb1645cba848cedb6253ddb39959521a9aebb3dcfc3fda8f3b403a2f

    SHA512

    abf4c82493aeeb22ecb709565957763d4c2cbff9bf99574737200e530557323201492568f4398fe7b8abf128da2927443d977daa901f5a9aeee4d6c2d06f0f7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5bb7b678e9307318fa90daaf329daf75

    SHA1

    f8a93bb71163e3a4c4513ed872ae77e2947865b5

    SHA256

    ee7c7be0c1a3cc49f79e164a629c7e0022696832c27570c243934bbce213b8c4

    SHA512

    69acf8f36c0bbf86551cd4998ee39bc3b7f42eb8cd2a4c535e682a4c6d28157a5b232deb0d7e3a8fa98cc3fe5545ed0144f2eabaab562260f70054dc5462dbf7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9946.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9A18.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    60KB

    MD5

    add0197e19a8802370ac61e88e61654b

    SHA1

    c4f00bf24bc26c2ea22b8269bcf8867eaf258255

    SHA256

    f36d1451e5d2b1ec184f2232fcc3458935839e95bd5c103c94a0a8624f68e5d2

    SHA512

    3ec2eff17c6b482417012e4f442c342105ac5272d1f3dd0c688234f0acf8c41b84bb33bc9a012cbc99ddd7fa57174fd8951d1156cd8ea880742e44f9b52ebc98

    Download Submit