Overview

overview

10

Static

static

10

9b587f0574...1a.exe

windows7-x64

7

9b587f0574...1a.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

7z/7z.dll

windows7-x64

1

7z/7z.dll

windows10-2004-x64

1

7z/7z.exe

windows7-x64

1

7z/7z.exe

windows10-2004-x64

1

CalcHashAB.dll

windows7-x64

1

CalcHashAB.dll

windows10-2004-x64

3

Extxml2.dll

windows7-x64

3

Extxml2.dll

windows10-2004-x64

3

FatOperate.dll

windows7-x64

1

FatOperate.dll

windows10-2004-x64

3

FileHash.dll

windows7-x64

1

FileHash.dll

windows10-2004-x64

3

Initialize.dll

windows7-x64

6

Initialize.dll

windows10-2004-x64

6

LibSearchFileName.dll

windows7-x64

1

LibSearchFileName.dll

windows10-2004-x64

1

NamePipe.dll

windows7-x64

3

NamePipe.dll

windows10-2004-x64

3

NtfsOperate.dll

windows7-x64

1

NtfsOperate.dll

windows10-2004-x64

1

RecoveryPhoto.dll

windows7-x64

1

RecoveryPhoto.dll

windows10-2004-x64

3

SaveOperate.dll

windows7-x64

1

SaveOperate.dll

windows10-2004-x64

1

SoftwareLog.dll

windows7-x64

1

SoftwareLog.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe

  • Size

    39.8MB

  • MD5

    8d5ed34215ddaf7c09b15a3c137677b8

  • SHA1

    f9c8dc1eb47dcce7c9fa8c5c2c41bec58b88dd18

  • SHA256

    9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a

  • SHA512

    6d7a1a480bf1b02cce154493e02ebed0c6e60a58830096e811262a0f8000537e579acb16bd150a060de1a6a1ad346df3d590706d1e592dc04521fec334ba149e

  • SSDEEP

    786432:AkwEspy2XycvakaqBGlWOP0MG85oXglyO4+xI4EJtL5J1EPeMy3+QszDSS:AzEspXycWqBS8H8LlyO4+xI48tUY+Q+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe
    "C:\Users\Admin\AppData\Local\Temp\9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst146C.tmp\ioSpecial.ini
    Filesize

    689B

    MD5

    ba7112c6b36553582aca909512011191

    SHA1

    a597e650cc41d0fd5bd1fe506e28cd52a0efb45a

    SHA256

    927a2088a446190e73de319334e8c5de78e8e700a931a37f50463c2d1b731c1c

    SHA512

    4277f34be3dded606e0f40b20fa623f6b9da845f398e7ff644df02aa13e64e6140954a313e82e0a937e2f3a5773b28f2c86b13a81822461f195ac95d3186a348

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst146C.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    2a03c4a7ac5ee5e0e0a683949f70971b

    SHA1

    3bd9877caaea4804c0400420494ad1143179dcec

    SHA256

    d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

    SHA512

    1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst146C.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    ebd0da54db9f12ffd15206cc24355793

    SHA1

    910be3bebdde55eb1ce05915a79f01ebdc622786

    SHA256

    4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6

    SHA512

    cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

    Download Submit