Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 15:49

General

  • Target

    dc02961c3109e7369f377da2913ba80d.exe

  • Size

    716KB

  • MD5

    dc02961c3109e7369f377da2913ba80d

  • SHA1

    45237c0ddaeeb9e593466254923ec5c8a312e055

  • SHA256

    bd2c84eb297ff45149c18bcee3a8c57ed663176d4a79c1440b9ef9cc1af310b0

  • SHA512

    47f5f50f049222b2c84733c163fa37489ec81d82c5c67d3a12ecdd6f92d171ec053acbd0ebfcc33136b987663170e9ede4b1295d68751675a537443c5592bd2d

  • SSDEEP

    12288:F36l0V+ekTR1pQMVvoDLbcTCpxWiY7tVyia5Mp7O0o45mx4MjTCB5OPiSIoKJ:F3sTHpQMCDLb4u/2zAQJ5mn0SLg

Malware Config

Signatures

  • Loads dropped DLL (43 IoCs)
  • Checks installed software on the system (1 TTPs)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory (3 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode (1 TTPs, 1 IoCs)
  • Modifies Internet Explorer Protected Mode Banner (1 TTPs, 1 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 1 IoCs)
  • Modifies registry class (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc02961c3109e7369f377da2913ba80d.exe (PID: 2200)
    Command line: "C:\Users\Admin\AppData\Local\Temp\dc02961c3109e7369f377da2913ba80d.exe"
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer Protected Mode
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Modifies registry class

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nsj8AB5.tmp\Math.dll
    Filesize: 66KB
    MD5: 8835b67f15d96144f3184e684fa76b43
    SHA1: 365e34a34eb8c123d765b7deefd3ebb90fe0fe4b
    SHA256: df1e70965e0aab1b464e623ccaee5457e66dc2e955733658c8fc337a893aa51c
    SHA512: 3a7f89af391708c56d1d117e24f2f9f1c5e3db27716665fcfed66aea64d2a72ac293cb3b8d09482438b06f5e1f97338fd700d0ccef036814047b0842ad8b9c13

  • \Users\Admin\AppData\Local\Temp\nsj8AB5.tmp\NSISdl.dll
    Filesize: 14KB
    MD5: f0e51d5722c11a4fe40c97b746c1ffc5
    SHA1: 8ec31853e9ef08fdc2a8c3c8eaa5f5b9469af193
    SHA256: 93a27f96055ae6b7f44916e13487b0efa7cd6d762e6768f7cb6427e32bda777d
    SHA512: 212c1ed753b54e5eccf7e1421bcca86955e09d6e3873f891d3d7076e21f79feb5f1dba350818804a215980875c306283b02f628fbc191d958f0de0f528c7194a

  • \Users\Admin\AppData\Local\Temp\nsj8AB5.tmp\System.dll
    Filesize: 10KB
    MD5: 7e3c808299aa2c405dffa864471ddb7f
    SHA1: b5de7804dd35ed7afd0c3b59d866f1a0749495e0
    SHA256: 91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd
    SHA512: 599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

  • \Windows\SysWOW64\nst8F38.dll
    Filesize: 1.2MB
    MD5: 104be7b21b09b5863ea03eb7c6c1298a
    SHA1: f87600bca12beef0396f19650f34587c2c80cdee
    SHA256: afe8c52bf5d96ad9b890477e1608e2f56f332a4e7bae449f68f6d47e4592b54b
    SHA512: 339beaba14c9ee8b7277eba97d1d1af1ebb50bf59be4c3dc0f0aa02655c2ea0661738007b4c21642fb76b8c61edf6599208d4cc53b15b6a21eec6656f55eb5a1

  • memory/2200-9-0x00000000004A0000-0x00000000004BA000-memory.dmp
    Filesize: 104KB

  • memory/2200-169-0x0000000002F60000-0x0000000003098000-memory.dmp
    Filesize: 1.2MB