Overview

overview

7

Static

static

3

c6876453db...d5.exe

windows7-x64

7

c6876453db...d5.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

chrome/con...ers.js

windows7-x64

1

chrome/con...ers.js

windows10-2004-x64

1

chrome/con...ing.js

windows7-x64

1

chrome/con...ing.js

windows10-2004-x64

1

chrome/con...ger.js

windows7-x64

1

chrome/con...ger.js

windows10-2004-x64

1

chrome/con...ion.js

windows7-x64

1

chrome/con...ion.js

windows10-2004-x64

1

chrome/content/io.js

windows7-x64

1

chrome/content/io.js

windows10-2004-x64

1

chrome/con...ger.js

windows7-x64

1

chrome/con...ger.js

windows10-2004-x64

1

chrome/con...ler.js

windows7-x64

1

chrome/con...ler.js

windows10-2004-x64

1

chrome/con...mts.js

windows7-x64

1

chrome/con...mts.js

windows10-2004-x64

1

chrome/con...ner.js

windows7-x64

1

chrome/con...ner.js

windows10-2004-x64

1

chrome/con...ice.js

windows7-x64

1

chrome/con...ice.js

windows10-2004-x64

1

chrome/con...col.js

windows7-x64

1

chrome/con...col.js

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 18:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6876453dbbac3f8d381e52a0af661d5.exe

  • Size

    1.3MB

  • MD5

    c6876453dbbac3f8d381e52a0af661d5

  • SHA1

    4e2d6faa51b09c151dff36f040feec7762577d8a

  • SHA256

    3ac30c59230f59d43f45883aa7af46c9caae1d73693e46cabdd9a4ca951f3a71

  • SHA512

    a76c7d5145ba6b1a44f8dc0d229ec46dec06c322363edd57105181a44aff0767f9a79079ce29930dc7e8d043ba657cc0778aa851f5f5c7c1a374be215a04d647

  • SSDEEP

    24576:alyPBqE+giupJhzc6ptXzdGjhstf/rq6LnEhRKgBs6SzK3YVbAJgT6SP:alYBf+VEJe6ptXzdast26LnUYgBreBJj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6876453dbbac3f8d381e52a0af661d5.exe
    "C:\Users\Admin\AppData\Local\Temp\c6876453dbbac3f8d381e52a0af661d5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\msihelper.dll
    Filesize

    159KB

    MD5

    9256d4a48b88c17f7d0f4220df8212a9

    SHA1

    d5af243185eab6d267ea003ce3d9c40184b33dc1

    SHA256

    1809f678995324749ca766d0768121570a922a91e8f0a96e65e9004c168c9365

    SHA512

    2703d2844eac84ece96213596dd34e6aac6fa328e2e815531b9d9b61e37ccd5ce13723972722f44ad8745012c6b9e756a774846f88f067615bf235be3fb2eed7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF1F.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF1F.tmp\UAC.dll
    Filesize

    17KB

    MD5

    88ad3fd90fc52ac3ee0441a38400a384

    SHA1

    08bc9e1f5951b54126b5c3c769e3eaed42f3d10b

    SHA256

    e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42

    SHA512

    359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb

    Download Submit