Overview

overview

7

Static

static

3

mkvtoolnix...up.exe

windows7-x64

7

mkvtoolnix...up.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

cygz.dll

windows7-x64

3

cygz.dll

windows10-2004-x64

3

doc/base64tool.html

windows7-x64

1

doc/base64tool.html

windows10-2004-x64

1

doc/mkvextract.html

windows7-x64

1

doc/mkvextract.html

windows10-2004-x64

1

doc/mkvinfo.html

windows7-x64

1

doc/mkvinfo.html

windows10-2004-x64

1

doc/mkvmerge-gui.html

windows7-x64

1

doc/mkvmerge-gui.html

windows10-2004-x64

1

doc/mkvmerge.html

windows7-x64

1

doc/mkvmerge.html

windows10-2004-x64

1

doc/mmg.html

windows7-x64

1

doc/mmg.html

windows10-2004-x64

1

libcharset.dll

windows7-x64

1

libcharset.dll

windows10-2004-x64

1

libebml.dll

windows7-x64

3

libebml.dll

windows10-2004-x64

3

libiconv.dll

windows7-x64

3

libiconv.dll

windows10-2004-x64

3

libmatroska.dll

windows7-x64

1

libmatroska.dll

windows10-2004-x64

3

mkvextract.exe

windows7-x64

1

mkvextract.exe

windows10-2004-x64

1

mkvinfo.exe

windows7-x64

1

mkvinfo.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/04/2024, 00:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mkvtoolnix-unicode-2.4.1-setup.exe

  • Size

    3.9MB

  • MD5

    30c9d4c5f07eff00d9328dfe5cc56f84

  • SHA1

    aa2cebf70d782e6a7d55bc04fd634a65ba598735

  • SHA256

    a8ee40b45468213a4039d2f1c62bc0508c8aac6108697b22b49d793cd325bf7f

  • SHA512

    d19403c917ad61f2cf3514f7d49a8ac68df27664b49222a7f36d723cb9c3bb88cab334d957cf5f1ba8935d0a643a36d517cb63983efb7478bbad178197ea4b5d

  • SSDEEP

    98304:c0D/qAo6+hCIwMmtVnBtqluc7zMb1zjzSkEwYo8pwCw8lLY:ckS3xCpMmtVn+luccBDELw3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mkvtoolnix-unicode-2.4.1-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\mkvtoolnix-unicode-2.4.1-setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso5D20.tmp\ioSpecial.ini
    Filesize

    700B

    MD5

    166b6b028084c51304120d34acd82e82

    SHA1

    82679c22b3aa5939dd3ff81dd3124f6ec7e62329

    SHA256

    2cc63908e6162f75378dd3f1f147cc23999d02ccb310baa0b52f32ab5c293d6f

    SHA512

    cab1f8092dc004524a6ab13a77ad20259f78e61b189e98e33ce93beab454f24dc3a264ea4dbc05eee278da029cdcacca3e8203edbfdd0b01121e9871e607fa30

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5D20.tmp\InstallOptions.dll
    Filesize

    16KB

    MD5

    81d523c4efc5d93891c76e90ec740089

    SHA1

    4d8e7eb2702086d5ca7b9ed4e2ba29dd2409a380

    SHA256

    62f96f93647ab30a7ee7a545e787084169f890a693f9fc5a8775143008aa6254

    SHA512

    52229a466aee9929cd47bffd763b96a7bc1aa394651593e1738e339ba64d2bac1a8148ff3f4f69911a7786cb717932175fdd136879c38fb1234b28def9ed357c

    Download Submit

  • memory/2200-76-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2200-77-0x000000006AF00000-0x000000006AF0D000-memory.dmp

    Filesize

    52KB

    Download