Analysis

  • max time kernel
    150s
  • max time network
    205s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21-04-2024 11:19

General

  • Target

    $TEMP/downloader_easeus/2.0.0/2trial/Norwegian.ini

  • Size

    4KB

  • MD5

    74f6e38b2b7ac3893b1ab6c092b854d1

  • SHA1

    583b35335d479e9e3bc6b412a7cae52fc1b3d3bf

  • SHA256

    9692fecb48e8745f26c235c8925f106e56e862cd1b7b8ca8c84b8cb751b7a748

  • SHA512

    0464be71e6eeac902346d1a5119612d7bde62d2efcb15d4a14cf88814294358e69ba592cfd5f4b86eeb72fe3e3a9c2edf61510ae16b16ca5d0a591dbb416e0af

  • SSDEEP

    96:SZW6SqbvTbksATWSwj52UhqTk5Fgr0ZOE636z/WUsQ0d2l:SZNvv/kNT9wiTYm6br7sGl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\Norwegian.ini
    • Modifies registry class
    PID:4440
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2924

Network

MITRE ATT&CK Enterprise v15
