Overview

overview

7

Static

static

3

4cfe6dd870...53.exe

windows7-x64

7

4cfe6dd870...53.exe

windows10-2004-x64

7

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

3

$PLUGINSDI...ON.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4cfe6dd870201ded7be7abb09d474053.exe

  • Size

    397KB

  • MD5

    4cfe6dd870201ded7be7abb09d474053

  • SHA1

    23be704fa177d1f2548dd1d690154c0c9009fd90

  • SHA256

    12ab00a7960f7e9567c41b36bb63bedb31b92d83ad3c442cfb9f0c39423855a9

  • SHA512

    886c5fee631cbb1281522051183fbf5a6de2df8a96d082e06f3b60012991afa9038fea5a5df8dfcc840f8c2cc7024a027e545b480c40b8ff720058d7a11bb015

  • SSDEEP

    6144:gcDSTZGX8mR4JbWuDJvA4VJNYLDnsDTJGGklXGHnavrklDvayGN32sxqpn:AgXPE1A43yvsD4Tt6dlDvGNp2

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cfe6dd870201ded7be7abb09d474053.exe
    "C:\Users\Admin\AppData\Local\Temp\4cfe6dd870201ded7be7abb09d474053.exe"
    1⤵
    • Loads dropped DLL
    PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsi1E89.tmp\INetC.dll
    Filesize

    25KB

    MD5

    40d7eca32b2f4d29db98715dd45bfac5

    SHA1

    124df3f617f562e46095776454e1c0c7bb791cc7

    SHA256

    85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

    SHA512

    5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi1E89.tmp\System.dll
    Filesize

    26KB

    MD5

    4f25d99bf1375fe5e61b037b2616695d

    SHA1

    958fad0e54df0736ddab28ff6cb93e6ed580c862

    SHA256

    803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

    SHA512

    96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi1E89.tmp\nsJSON.dll
    Filesize

    23KB

    MD5

    f4d89d9a2a3e2f164aea3e93864905c9

    SHA1

    4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

    SHA256

    64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

    SHA512

    dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

    Download Submit

  • memory/2176-5-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2176-27-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download