Overview

overview

8

Static

static

4

Install_FSUIPC7.zip

windows7-x64

1

Install_FSUIPC7.zip

windows10-2004-x64

1

Install_FS...C7.exe

windows7-x64

7

Install_FS...C7.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

MSFS.bat

windows7-x64

8

MSFS.bat

windows10-2004-x64

8

Install_FS...C7.pdf

windows7-x64

1

Install_FS...C7.pdf

windows10-2004-x64

1

Install_FS...ME.txt

windows7-x64

1

Install_FS...ME.txt

windows10-2004-x64

1

Install_FS...es.txt

windows7-x64

1

Install_FS...es.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Install_FSUIPC7/Install_FSUIPC7.exe

  • Size

    38.8MB

  • MD5

    a63d46d2bf213cb86d5b0e76b924cb81

  • SHA1

    1c81646bb9a0a246174cdbc7c078fcaec4ab351e

  • SHA256

    0883539cd07f4afaab921ee2853387f2177bd81b1556d1ab37565d622136cea9

  • SHA512

    76e8682e898605a84cec9e1220fa324204c31c3cabf29f57eae5a227810448dd1e05cdf680bca21fbff9ae1313b2a1b64a9a76eab667f6d3632779088288cd76

  • SSDEEP

    786432:xVeTXnqDvnPOu3t+ouOSZJmrMkPxUUv0XnOkzxeCCT8AnA7IO+zUivm:xKXnqr9+ouOS2MkPpsnDELnnz/vm

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install_FSUIPC7\Install_FSUIPC7.exe
    "C:\Users\Admin\AppData\Local\Temp\Install_FSUIPC7\Install_FSUIPC7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:3896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsl63BC.tmp\System.dll
    Filesize

    11KB

    MD5

    0063d48afe5a0cdc02833145667b6641

    SHA1

    e7eb614805d183ecb1127c62decb1a6be1b4f7a8

    SHA256

    ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7

    SHA512

    71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl63BC.tmp\nsArray.dll
    Filesize

    12KB

    MD5

    0917ee492308b691326e6581e8c793c9

    SHA1

    ff689c8051ffca7657461ac828bc46e303ab8e59

    SHA256

    81745087f193b6fa131189f4b3ee9caa93e9692e408d3955fbcb9a4ec8516e2f

    SHA512

    2a4ae4b93b0eac113a0e65f459798466120f1af4605a82a11f9022d790fe0b4f7d368b312f8a073b1dcfe8760e529ea56a5b5d4289321dc9f2fc8a22691b42b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl63BC.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    6e64e5d5f9498058a300b26b8741d9d5

    SHA1

    837ce28e5e02788da63a7f1d8f20207d2b0bf523

    SHA256

    8d4b1c275fd1cd0782a265080b56d1aec8d1c93edca5ef3b050d1d20d7b61f33

    SHA512

    f53514d36021d79f85df2494d403f03589b3ad848889b9224f962cc932ef740f127131a914c7171ad8136ca1ef631285ea1c80576db18ccf8ea56940eb00ea1e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl63BC.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    05450face243b3a7472407b999b03a72

    SHA1

    ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    SHA256

    95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    SHA512

    f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Download Submit