Overview

overview

10

Static

static

3

0577b7e8c6...49.exe

windows7-x64

9

0577b7e8c6...49.exe

windows10-2004-x64

10

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

EpsilonFruit.exe

windows7-x64

10

EpsilonFruit.exe

windows10-2004-x64

10

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dex.js

windows7-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/....2.bat

windows7-x64

7

resources/....2.bat

windows10-2004-x64

7

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

swiftshade...GL.dll

windows7-x64

1

swiftshade...GL.dll

windows10-2004-x64

1

swiftshade...v2.dll

windows7-x64

1

swiftshade...v2.dll

windows10-2004-x64

1

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

Analysis

  • max time kernel
    96s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18-04-2024 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat

  • Size

    13KB

  • MD5

    da0f40d84d72ae3e9324ad9a040a2e58

  • SHA1

    4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

  • SHA256

    818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

  • SHA512

    30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

  • SSDEEP

    384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:924
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6A95.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC985E709C301A45AEA17DA3FEE839D71C.TMP"
        3⤵
          PID:2696
      • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
        screenCapture_1.3.2.exe
        2⤵
        • Executes dropped EXE
        PID:2556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RES6A95.tmp
      Filesize

      1KB

      MD5

      188b94aec16deb16423135e49ebcc879

      SHA1

      a427ae772f4722af0005850f06a382021902474c

      SHA256

      772f1e2aea27c7389918a49546b9e2a8aaf9a5ec6d9b141c4f0553ef5c72fefc

      SHA512

      c03f3b18fd65cc8db7d22f449c70136fd976fcd2531eeacdba17900aaca508232b856e9e828fd614b8f5f817be323af002258dccbdfd51b02010759fb4d1a6f3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
      Filesize

      12KB

      MD5

      4b896c957d79dbc455734891a7bee6f3

      SHA1

      ac686beb9b701e9a960b6181841f7ae32104f71a

      SHA256

      2fab2a2cc6f6d9e27da0339466da1fb97f647209194dfe9c2c0cfc1c606b9fe7

      SHA512

      2506378799a4e09d77a2b56d9abc68b9e940f0f5a70e4b594aefef9793a346ccf8ec802361680f1af1b5dc8de06492ac651057c38e3f5d3b3265fd8468824525

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC985E709C301A45AEA17DA3FEE839D71C.TMP
      Filesize

      1KB

      MD5

      a6f2d21624678f54a2abed46e9f3ab17

      SHA1

      a2a6f07684c79719007d434cbd1cd2164565734a

      SHA256

      ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

      SHA512

      0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

      Download Submit

    • memory/2556-8-0x00000000000C0000-0x00000000000CA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2556-9-0x000007FEF5FD0000-0x000007FEF69BC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2556-10-0x000007FEF5FD0000-0x000007FEF69BC000-memory.dmp

      Filesize

      9.9MB

      Download