Overview

overview

7

Static

static

3

A.exe

windows7-x64

7

A.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

Anycast.exe

windows7-x64

3

Anycast.exe

windows10-2004-x64

3

Packet.dll

windows7-x64

1

Packet.dll

windows10-2004-x64

1

anycast-service.exe

windows7-x64

1

anycast-service.exe

windows10-2004-x64

1

wintun.dll

windows7-x64

1

wintun.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A.exe

  • Size

    10.7MB

  • MD5

    25d325afb078b572b0fbca2b84aa264c

  • SHA1

    6ef782acf674f3e66b5973e143c2fdda7e076914

  • SHA256

    a3c3f7a0014e41ff435db5b87ec92e60ada72a94fc401cb1ef3cf6daf71630e1

  • SHA512

    f4ff58f70a06c425ad832aa19b3dd51b2b4fc534dba8d2cd68a49d5c22e3ce366f5d8b33cd687c7e5a64fb3ab02e60330d66a0c3bfab09750b2afaa508705b68

  • SSDEEP

    196608:CvyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:CKhL3HyGGlj+E3I6Ev0Pex

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\A.exe
    "C:\Users\Admin\AppData\Local\Temp\A.exe"
    1⤵
    • Loads dropped DLL
    PID:1372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd5B9E.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    0a9fb96a7579b685ec36b17fc354e6a3

    SHA1

    355754104dd47d5fcf8918dee0dc2e2ee53390a6

    SHA256

    b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

    SHA512

    67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd5B9E.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    98ff85b635d9114a9f6a0cd7b9b649d0

    SHA1

    7a51b13aa86a445a2161fa1a567cdaecaa5c97c4

    SHA256

    933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de

    SHA512

    562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd5B9E.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    84ceded3c7328878df1eb3095bcfa309

    SHA1

    bcb80124debe5110690874d529f295e02d857b88

    SHA256

    4c6daf4ac42d2b5c1937c00c4ddb918fe28afcb6552990f7ebbfdfe2119c9d97

    SHA512

    84a10d935dc005033ceb5e18fcf9ebec876fafd52eafabb84624704d6b66ebdd216e7d896f7aa5f8df217c16c9a2960d0ac497ffd283f742608b2e106b669329

    Download Submit