Overview

overview

8

Static

static

3

sunshine-w...er.exe

windows7-x64

8

sunshine-w...er.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...nu.dll

windows7-x64

1

$PLUGINSDI...nu.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

1

$PLUGINSDI...em.dll

windows10-2004-x64

1

$PLUGINSDI...fo.dll

windows7-x64

1

$PLUGINSDI...fo.dll

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows7-x64

1

$PLUGINSDI...ec.dll

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

assets/web/apps.html

windows7-x64

1

assets/web/apps.html

windows10-2004-x64

1

assets/web...ff0.js

windows7-x64

1

assets/web...ff0.js

windows10-2004-x64

1

assets/web...521.js

windows7-x64

1

assets/web...521.js

windows10-2004-x64

1

assets/web...ba4.js

windows7-x64

1

assets/web...ba4.js

windows10-2004-x64

1

assets/web...39f.js

windows7-x64

1

assets/web...39f.js

windows10-2004-x64

1

assets/web...092.js

windows7-x64

1

assets/web...092.js

windows10-2004-x64

1

assets/web/index.html

windows7-x64

1

assets/web/index.html

windows10-2004-x64

1

assets/web...d.html

windows7-x64

1

assets/web...d.html

windows10-2004-x64

1

assets/web/pin.html

windows7-x64

1

assets/web/pin.html

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sunshine-windows-installer.exe

  • Size

    10.9MB

  • MD5

    2265b5e06f44918f7c2b8979e0a9c165

  • SHA1

    bbd95e9d1f3c62bf6b05276e5cbe61b5b9dd035f

  • SHA256

    d4b30c1f2c1f10f46037533e5768b6abba1f60a613e779d871c21abe8ef02d48

  • SHA512

    951c8ec6815b7bbdaebf781dcbd61fd402369d9cb37fdfbcca522ebe74cea1f867ad8c69a01979b4f55804844592172ed950b762c48c744205aed6dafc297629

  • SSDEEP

    196608:hKXpNOzxlx+WuRhr2G7uBIqTZnqFhqRC67VJxbYgiVJ3FMYMLec6P:QXvX12K0dTZnqFhqRX9bYgiRMzZ6P

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\sunshine-windows-installer.exe
    "C:\Users\Admin\AppData\Local\Temp\sunshine-windows-installer.exe"
    1⤵
    • Loads dropped DLL
    PID:4808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse4547.tmp\InstallOptions.dll
    Filesize

    30KB

    MD5

    ff6cb85adb441e639dc58948651d54d2

    SHA1

    2ba0514b1e64ce4c13c987c30f1b6e61225f192c

    SHA256

    bbd81555abbfeff33aacdc8c34c307c2eb680953c7f4c4c02b20a8fe10e88bd6

    SHA512

    bf4c8e862b548011f7d465c82d3c4bc84e7836c4bcd943ffa6dbfbe95d43fc355cf00936cfc4db34822906212bbbc69271f356b74d70051b52cfb9b74f58149d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse4547.tmp\UserInfo.dll
    Filesize

    7KB

    MD5

    8e1998776ffd1d578a80d603c55721fc

    SHA1

    48ff2d677739d0f34f6c8cda41258af3989f534d

    SHA256

    7616de346ee28e4314d8a5bf67575c0010b1b07c93c6c29798f9106589ba25ae

    SHA512

    90c0800e485bd56177576b1d245457427d15b81b475eca4154a65225b82fe9c2ae7f07b07d48a61a3f622c4b2a2cb0b834a5d0b0b895f5bbf88b5bdead2257eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse4547.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    78a53810e16fdcbe151f36c78d4c9e7c

    SHA1

    e55b838614d5de1f3b0a07185f7240eaa2a188a1

    SHA256

    97f2847831bac7c4d393e55c89037723a9c130f1fb0c40ca93d2616a1ed14350

    SHA512

    075c6f72b1970b97e2dd4468331bc5a691a7ede9d918bb85c7e17734c264ef8bf9c44151fb240c005dfcfac03bcffa98681f7eccb94ab54fd83c7b164ff88c57

    Download Submit

  • memory/4808-88-0x0000000140000000-0x000000014018A000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4808-89-0x00007FFE42AC0000-0x00007FFE42AD4000-memory.dmp

    Filesize

    80KB

    Download