Overview

overview

7

Static

static

3

cdafd40ca5...2f.exe

windows7-x64

7

cdafd40ca5...2f.exe

windows10-2004-x64

7

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...tc.dll

windows7-x64

3

$PLUGINSDI...tc.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...ge.dll

windows7-x64

3

$PLUGINSDI...ge.dll

windows10-2004-x64

3

$PLUGINSDI...n12.js

windows7-x64

1

$PLUGINSDI...n12.js

windows10-2004-x64

1

$PLUGINSDI...ime.js

windows7-x64

1

$PLUGINSDI...ime.js

windows10-2004-x64

1

$PLUGINSDI...ket.js

windows7-x64

1

$PLUGINSDI...ket.js

windows10-2004-x64

1

$PLUGINSDI...ftp.js

windows7-x64

1

$PLUGINSDI...ftp.js

windows10-2004-x64

1

$PLUGINSDI...ttp.js

windows7-x64

1

$PLUGINSDI...ttp.js

windows10-2004-x64

1

$PLUGINSDI.../tp.js

windows7-x64

1

$PLUGINSDI.../tp.js

windows10-2004-x64

1

$PLUGINSDI...re.dll

windows7-x64

1

$PLUGINSDI...re.dll

windows10-2004-x64

1

$PLUGINSDI...re.dll

windows7-x64

1

$PLUGINSDI...re.dll

windows10-2004-x64

1

$PLUGINSDI...ib.dll

windows7-x64

3

$PLUGINSDI...ib.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-03-2024 09:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdafd40ca595a808d276c5ea24ac232f.exe

  • Size

    467KB

  • MD5

    cdafd40ca595a808d276c5ea24ac232f

  • SHA1

    952474558853107657afb371e2c181d5f9ab1701

  • SHA256

    e28bcb78e966081d32fedc3cc0b8e3c272edbb82933f4aeb4fa28b626820d6bb

  • SHA512

    49ed55273234da911abcb0c16d444bb57497f55befc67fa4cdf52c4d54f615373caad23f4ddf6ab04ca6119c3c3fb2d0071f258567d42c77a8c5aecdb29457a6

  • SSDEEP

    6144:Ne34w12uoRlo2BFIJLNzOBS44lxytTsRRpTdwqQo5D8jCkjQC/EvK89E6Q:AxpJLxOBS4uMKh+Wk98vKOLQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 18 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdafd40ca595a808d276c5ea24ac232f.exe
    "C:\Users\Admin\AppData\Local\Temp\cdafd40ca595a808d276c5ea24ac232f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\ButtonEvent.dll
    Filesize

    4KB

    MD5

    fad9d09fc0267e8513b8628e767b2604

    SHA1

    bea76a7621c07b30ed90bedef4d608a5b9e15300

    SHA256

    5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2

    SHA512

    b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\CustomBrandingURL.dll
    Filesize

    5KB

    MD5

    e4c1b74859c17671ffe1c0602fd56b44

    SHA1

    15ae7d83122a1dc14d79e6c0a2e6565a9ffc12d1

    SHA256

    2c33db8babc38e9c824d025b594626dfeee67c5319dc93396239899647f87156

    SHA512

    9dda77eaa71371d3e1d068d3740435b5aa3f198818e46ae31e19cab8b084bb131e088241abf1a0f7f78179745a1665a9bf500f97ee25cafc7f85c5a1c234a925

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\FloatingProgress.dll
    Filesize

    4KB

    MD5

    15bddd79574770cdbab1a9c13832d344

    SHA1

    dd63bf21db7049ba9773d0d06dbbb2d9b1ae914e

    SHA256

    5caf7bccc7fb43e43a50676a2466803cfb531f6416c6cb797750513770da6e18

    SHA512

    52f29c250a2426f43b67577ed5efe17992fa9ccb361cd1ad6ec19a60b02e2b7ee1c5a8131a29e37f84636d30916d6d2018ac769483861d1da3b0a1f4c91eb87b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\LuaBridge.dll
    Filesize

    8KB

    MD5

    60351c8bb166e71379f7268d25fba6d2

    SHA1

    e9ce69111b1a1c1f11cd99cc2cdff7c91b9096df

    SHA256

    0c0d9657ab06af5f556e944e333499dfde4fe119acb83cbed3d7744c9aac5b38

    SHA512

    42bdce0bfba2bf4b26e77fb33d6680fbbf43c891a4812ca873f621d822d3c93e0f25dd5cc3f31d0772494bcc0ca89ff93386847c0ffb87fab78f2de1d22df799

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\LuaSocket\mime\core.dll
    Filesize

    52KB

    MD5

    4a4845ba1666907f708c9c10a31ec227

    SHA1

    1ebf626adc84147e5114885ce779f92d6eb68f3a

    SHA256

    a1ffee9687ab4a23a78b3251888aff09e2896d76f8d16d713367b265f125188d

    SHA512

    d009f5e2a2ecfbec5e5e788ade142d612846d0c99921774e4a11b060998dfb0680cf1e1a54604535d5560738093f9ae166866cb23eee5c7d9c4e5cc5a33e7464

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\LuaSocket\socket\core.dll
    Filesize

    80KB

    MD5

    4bf7db111acfa7c28ad36606107b3322

    SHA1

    6f20b9f6663ce0c309a2ce60e718d64ffb6c75b3

    SHA256

    bfe8445c38ee71240e856f85d79e94123d7179bf43688de0e2a14e32e6ef21b0

    SHA512

    0a5e66a65b80e15d8198f2934c58227ae17680f0fbea9865b2f44af82a29c53d4f95cf9616b4dfd75202420eb73b7d962cf2c84fdad6ce26afe1eb4bb978d0b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\LuaXml_lib.dll
    Filesize

    11KB

    MD5

    7292b642bd958aeb7fd7cfd19e45b068

    SHA1

    19a800620d041634abae5b5d096cb0e87ce4c188

    SHA256

    90f1bb98e034fcf7bfddb8cb0a85b27a9c9ddb01b926b4e139e1e8fc53d41d09

    SHA512

    bd758e0833454e0aa2af976ac94fde17c5401102c5991887cefbe8e337974381584c73e2d1e50e49263c55c3788e24dc7f8bd0b9d2a76a6cbe38e48dd9d6c44a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\System.dll
    Filesize

    10KB

    MD5

    7e3c808299aa2c405dffa864471ddb7f

    SHA1

    b5de7804dd35ed7afd0c3b59d866f1a0749495e0

    SHA256

    91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd

    SHA512

    599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\customnsWeb.dll
    Filesize

    10KB

    MD5

    275de5977168e6db65cc85200df1ce6c

    SHA1

    7338140d51d89725f72532df5e1cc8dbed51a649

    SHA256

    05af47eaa56f8de9b63c7cb3626db4fb941236cf42014140898e5489023becdd

    SHA512

    d626c238af9caaffb19e6227fc744281f7b0644b0c6dc5e010f772bfaa285f84d6630c83d9abf03e4dd479e15370b8a058537985a72a958619eba49ee3337b8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\lua51.dll
    Filesize

    116KB

    MD5

    bbc9ac3211f07e45510861ae429996c3

    SHA1

    0a0d7ea99c959cd4add3deb05e500af5fdf98510

    SHA256

    2a4f510a75453fb49ceb2823756bdbcbfe1a026dcd27a76260229386776ddaad

    SHA512

    f3a4a726ffd7869d277e9ee09a833cc27e10f117c52dd2a2efcc96cf9280730f10dcb704ea78a6d6f16ac2d2db1b94ad6025dfabaf83fdaaca4f5fbb0db1e756

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BEE.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    c10e04dd4ad4277d5adc951bb331c777

    SHA1

    b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    SHA256

    e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    SHA512

    853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    Download Submit

  • memory/1116-57-0x0000000002570000-0x000000000257E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1116-42-0x00000000029D0000-0x00000000029E6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1116-108-0x0000000002560000-0x0000000002569000-memory.dmp

    Filesize

    36KB

    Download