Overview

overview

10

Static

static

10

4823257b6e...17.exe

windows7-x64

7

4823257b6e...17.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...og.dll

windows7-x64

1

$PLUGINSDI...og.dll

windows10-2004-x64

1

7z/7z.dll

windows7-x64

1

7z/7z.dll

windows10-2004-x64

1

7z/7z.exe

windows7-x64

1

7z/7z.exe

windows10-2004-x64

1

CalcHashAB.dll

windows7-x64

1

CalcHashAB.dll

windows10-2004-x64

3

Extxml2.dll

windows7-x64

3

Extxml2.dll

windows10-2004-x64

3

FatOperate.dll

windows7-x64

1

FatOperate.dll

windows10-2004-x64

3

FileHash.dll

windows7-x64

1

FileHash.dll

windows10-2004-x64

3

FreeImage.dll

windows7-x64

3

FreeImage.dll

windows10-2004-x64

3

InfoReport.dll

windows7-x64

3

InfoReport.dll

windows10-2004-x64

3

Initialize.dll

windows7-x64

6

Initialize.dll

windows10-2004-x64

6

LibSearchFileName.dll

windows7-x64

1

LibSearchFileName.dll

windows10-2004-x64

1

NamePipe.dll

windows7-x64

3

NamePipe.dll

windows10-2004-x64

3

NtfsOperate.dll

windows7-x64

1

NtfsOperate.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 01:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe

  • Size

    12.2MB

  • MD5

    e426d3a221efae78fe3d82ce2175962d

  • SHA1

    a808e727601fae49f6646461c9409e9236f9f6bd

  • SHA256

    4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717

  • SHA512

    38af105b6d21957c79011abb6753ac180cc69cfcb9b336e917e8247493d251c567a98c5ede05102981b9935deef4de89ac363027bf70145b3eb3a8abe477cd15

  • SSDEEP

    196608:OwZ6k5h5gRIz8KHZTuxIBTANp6GuYEFQT3Xhp+fLC/GffQtli1rOL5oFk2:bth5gmNVuWAp6GwFQTBp+VItA1rlFl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe
    "C:\Users\Admin\AppData\Local\Temp\4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1260

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\ioSpecial.ini
    Filesize

    697B

    MD5

    c5791f589fbc92e78f82151b50422181

    SHA1

    117b5c198e3dc96177eeb73b7b718414099e7a6a

    SHA256

    5c3090b5c7e222948fec7846b8a106f8d2533a47bea5d220af06e41775034521

    SHA512

    06ef376f9c72251e4dcccc13c5ed2146d1124054f43313f27efad71db1e8d2d3d61bdce17c95f35869f8fe33536926715fad08476a8bafbe8bf577e1893bb51e

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    2a03c4a7ac5ee5e0e0a683949f70971b

    SHA1

    3bd9877caaea4804c0400420494ad1143179dcec

    SHA256

    d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

    SHA512

    1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    ebd0da54db9f12ffd15206cc24355793

    SHA1

    910be3bebdde55eb1ce05915a79f01ebdc622786

    SHA256

    4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6

    SHA512

    cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

    Download Submit