Overview

overview

7

Static

static

3

d456c9c75d...73.exe

windows7-x64

7

d456c9c75d...73.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    138s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 19:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d456c9c75d0ca387abd5e03c88caa873.exe

  • Size

    491KB

  • MD5

    d456c9c75d0ca387abd5e03c88caa873

  • SHA1

    727640fc511633445b85749f51a85c0b1be279fe

  • SHA256

    5c37a71a57ddbc86180f13ec8b53427cb772d2108b688f27054cdde16ff97038

  • SHA512

    46083b1b19aefee86a45d3777ae6730f2649ce706509f91b16d7f67f481277dcabe5062ab11e5420005c5b251b98a50e5e029eca7423e0f72ace8ea0378ec0aa

  • SSDEEP

    6144:xe34R2L/iczh36dqXEVTrnCRZG/t7FTBqTzP7n7O7L6K2Bfo7p5:J2nzh36VVTGf0ZTsnz7O7L6ju7p5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d456c9c75d0ca387abd5e03c88caa873.exe
    "C:\Users\Admin\AppData\Local\Temp\d456c9c75d0ca387abd5e03c88caa873.exe"
    1⤵
    • Loads dropped DLL
    PID:408
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:1012
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:444

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\nsm322D.tmp\BrandingURL.dll
            Filesize

            4KB

            MD5

            71c46b663baa92ad941388d082af97e7

            SHA1

            5a9fcce065366a526d75cc5ded9aade7cadd6421

            SHA256

            bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

            SHA512

            5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsm322D.tmp\InstallOptions.dll
            Filesize

            14KB

            MD5

            325b008aec81e5aaa57096f05d4212b5

            SHA1

            27a2d89747a20305b6518438eff5b9f57f7df5c3

            SHA256

            c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

            SHA512

            18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsm322D.tmp\LangDLL.dll
            Filesize

            5KB

            MD5

            9384f4007c492d4fa040924f31c00166

            SHA1

            aba37faef30d7c445584c688a0b5638f5db31c7b

            SHA256

            60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

            SHA512

            68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsm322D.tmp\NSISdl.dll
            Filesize

            14KB

            MD5

            a5f8399a743ab7f9c88c645c35b1ebb5

            SHA1

            168f3c158913b0367bf79fa413357fbe97018191

            SHA256

            dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

            SHA512

            824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsm322D.tmp\ioSpecial.ini
            Filesize

            1KB

            MD5

            cac9cc3677075648b7809a0ad716e0c5

            SHA1

            11d38ab2a0324c05b0d860546cbdb1058f1427c3

            SHA256

            4c74317123efc07d29d2ef73108d7f69e2892a7d4fd9584dbdc6c0509a7077eb

            SHA512

            9b8e4410c031e0f128fc5b4a3ddf9f1e8f9fae9e051eb461f0c68a64a90bb6ee22ca2680d5f054384ca577c05330457bdf3212159ac1e04b7d46df82f7a9dd8b

            Download Submit

          • memory/444-97-0x0000017912940000-0x0000017912950000-memory.dmp

            Filesize

            64KB

            Download

          • memory/444-113-0x0000017912A40000-0x0000017912A50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/444-129-0x000001791AD60000-0x000001791AD61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/444-131-0x000001791AD90000-0x000001791AD91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/444-132-0x000001791AD90000-0x000001791AD91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/444-133-0x000001791AEA0000-0x000001791AEA1000-memory.dmp

            Filesize

            4KB

            Download