Overview

overview

7

Static

static

3

fc008e3aa4...18.exe

windows7-x64

7

fc008e3aa4...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

ReflexiveA...de.dll

windows7-x64

1

ReflexiveA...de.dll

windows10-2004-x64

1

SDL.dll

windows7-x64

1

SDL.dll

windows10-2004-x64

1

SDL_image.dll

windows7-x64

1

SDL_image.dll

windows10-2004-x64

1

SDL_mixer.dll

windows7-x64

1

SDL_mixer.dll

windows10-2004-x64

1

SDL_ttf.dll

windows7-x64

1

SDL_ttf.dll

windows10-2004-x64

1

bbb.exe

windows7-x64

7

bbb.exe

windows10-2004-x64

7

jpeg.dll

windows7-x64

3

jpeg.dll

windows10-2004-x64

3

libpng1.dll

windows7-x64

1

libpng1.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

zlib.dll

windows7-x64

3

zlib.dll

windows10-2004-x64

3

�...��.lnk

windows7-x64

3

�...��.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    66KB

  • MD5

    e5461a14262765a5b18ac2d319bd370f

  • SHA1

    b1b27d2cb6e613515acb76a611c5e3695284be45

  • SHA256

    fa7a686d97235623051ad6d475c7e7555ec863f849aa68724811ba8fb14bae75

  • SHA512

    211cdb7688009e6dfc92c30cde36de28d2150051249e0d4bb9edd45b1bb5f6f61ceabf6701124220fd691c46fb3828d824c8dce0430aba56912047559e190eb3

  • SSDEEP

    768:0lKW4LmOQU5iuyYPyAyDkvi8JkRio6MjfS+tXJoiI9aC5CP8nn3gYRNBbUFtWsQF:AKNLH58uyYkDHKQXJoiBYRN6QcIwg2RG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:320
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2744

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd7fdc7bbec72c1bcdbe63e5192a5d4f

    SHA1

    69b3a9cc051fc5bd27c5e61c8548efb82f3c9330

    SHA256

    d2210cd97c18c20128ccddbb3d5c3fd4056d8167878c78dbfa4b0704732f2234

    SHA512

    c168b1ef1185119d786b36e6e2205435d1456ad6acbdcdf8dd09246bb771ae1f0a41664c4e28fda775e8526a980e5f8cbba132c74ff77f317ab90a14a1989bb6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d13d6aab427b6f5607042c9b1c4e8fa

    SHA1

    8fad1f686e151a4bdc9edd6a830f8f66835031d9

    SHA256

    7641066f58a6e42874298f16286e57bd88e65cd49257f43ae0f2e78ca5fc573c

    SHA512

    178526ba3603543cd3a0d5cb626d3c84a262d19ba2c601baf90aab75be3184f66d48e6a33aec5a0c5fb9a1d4594c3bf7cfbb42b0960eac8c02111afb9adb7642

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    125f3e81de7324ff2900c608b80081fa

    SHA1

    bde1e2add516c18d3eebb509a43273104c6851f6

    SHA256

    5ee22a018a12cfb1a042c8d0cf8a4af6fc5ee80f9a6ecb7e20f64d9f79698b61

    SHA512

    e872757ce2866317c5f06ab6f4130603d973cec23c955632f5850a0bab871eca1f4a728b0e7b1e1eef6e6596e2f243febcf16a3e630454e24685c8bfa3b93bdd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    100f3220789ce2febfc616b6b86078e5

    SHA1

    a409023d2ee5a3a76cf7338f4e67c42d817ada33

    SHA256

    0b9267bdbcec21b859301ea86ed3a8421938368fa57e85395cdd93776d4708e9

    SHA512

    a6e86afcae95f24a06f0b2da49d562f79b835f002c525e485d2d3ed591dda9d5c950fe075ff2979d9c017bf92ec955ff1d7c38376e9f110e73694619afcd7875

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b843f7566977688ba577e27cf6bf6720

    SHA1

    cdc62a1a6be47c3efbd79fffb902f4443634603e

    SHA256

    4ac5396ca85d5b27a4426b2d14b39345db6e4e19faddf69444d12ad15a1c468c

    SHA512

    1f06126cf981f5a48039494d2fee1aef11c8c47326c85f5075420279d10b3ebe3aa234789d18ef02d3d6fafe0e826fceaf8c9c02d9751da8832b095fa407cf03

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7c31172bbe1295671543856b3b62d20a

    SHA1

    5a71004b180cb3db4f6059f96be355c8f6e43641

    SHA256

    8b8cdb3a19a5549e96272927855c326d62529237b73c9a65fb6e89a66832e82a

    SHA512

    5db3589f86cc80ff43f62d57bbd2274888695f35c38af393ea0a48f27cc893a42a1a36c4185d066e49a997aa734ad712cb54a52f34857c3976b62cdbfe58ed45

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7b15f7987546beab0c3f1d0163357d1

    SHA1

    7a5b39d6618b20333feca59381d591e573856ea3

    SHA256

    8308f268764c57076f24589d32c94e59aeba269defa274b99c710d72250770de

    SHA512

    97eb668273c38c3cd1ee84eba693a2e97878ab8258951eb853a0c7a386791e0d63c0488377236c12786a98a92be8964ba37282c8414059311cb3264eddba9415

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    07a39cc1030f8b38265d1f91ccc463f4

    SHA1

    646c6dbf6b44403f33c2c93515c111b798435379

    SHA256

    a8533b9e1da9957be1f5ccacf0bc31f234b7daddc026df33a0797173f7a5d222

    SHA512

    19f9ee15b980dbda962d7e48cec8ecc7f420272fd106303ce0c1e9ad33c1779c33044677644ad629663cbaa82e961adad91584ecc387b53aed84f1f0b552540b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92556cbc7e8f63a5d79fefb4199b5e0a

    SHA1

    306e96d5530c3f2d952190394c59b19b33290bb2

    SHA256

    a4d666aa4f39b6d2046a1cf0cd73995c20e5c1cde2aa0b00ba636a2928cfc8f2

    SHA512

    47ddde2a389e1022740fd6308f948ac2f115cf5017631ed3ef4ce06dcf983e6f36f7a8834314b42cf2f29841e084e9c2ae68f2f5f34fe204ce19563baa380417

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1eb81c589f1f745e786fb82e29598902

    SHA1

    903a8d92679aee01d963e8634682f169c2239f5f

    SHA256

    8343b452db9391f2891fde6d325a619ed3e38df8c7c484077bc8903d0b09ff81

    SHA512

    cb7b0b99b30294cc3dd1dab1e9c8e7f56bc5d7f47b1f5f986ce51d78cb0217834fc7818a4874048d2d104c9d78717d0433acac7bfe118adb26592f1635fd8dea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb72c6ce951c2291f8b34d22d049b3c1

    SHA1

    1d7888d785333bb04381b1a78cfa5fe568992bfd

    SHA256

    a8e26c129c9937aeb0fefca99b60e88d5f06d1fcd79803653b98d483f85bd767

    SHA512

    993958822eef749ba301102d08dc5def5ace6ee89e46dcfd709114d40abb796a4c562170a7595ced6e1935e9af6cf75d4ccf296deb44dee5920a009d607b98f0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    81f33612154cc645c48eca8804c96454

    SHA1

    d2d5e546c1acaec8b0f00f106bf16ba81b3c5cc9

    SHA256

    8991f8434e3839cfc18c11d118a34ca9d5254551f360d32d47c484072dc54f7e

    SHA512

    aae66563b0831e76e551d123a250f7f8f941827a5a80353d4cc54bf1aab9b1b84c90aaf2603e0881c2be4237d649411e23ee0e17118cee95d0780d6d2d2ad505

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab736E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar774C.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    66KB

    MD5

    e5461a14262765a5b18ac2d319bd370f

    SHA1

    b1b27d2cb6e613515acb76a611c5e3695284be45

    SHA256

    fa7a686d97235623051ad6d475c7e7555ec863f849aa68724811ba8fb14bae75

    SHA512

    211cdb7688009e6dfc92c30cde36de28d2150051249e0d4bb9edd45b1bb5f6f61ceabf6701124220fd691c46fb3828d824c8dce0430aba56912047559e190eb3

    Download Submit