Overview

overview

10

Static

static

10

4823257b6e...17.exe

windows7-x64

7

4823257b6e...17.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...og.dll

windows7-x64

1

$PLUGINSDI...og.dll

windows10-2004-x64

1

7z/7z.dll

windows7-x64

1

7z/7z.dll

windows10-2004-x64

1

7z/7z.exe

windows7-x64

1

7z/7z.exe

windows10-2004-x64

1

CalcHashAB.dll

windows7-x64

1

CalcHashAB.dll

windows10-2004-x64

3

Extxml2.dll

windows7-x64

3

Extxml2.dll

windows10-2004-x64

3

FatOperate.dll

windows7-x64

1

FatOperate.dll

windows10-2004-x64

3

FileHash.dll

windows7-x64

1

FileHash.dll

windows10-2004-x64

3

FreeImage.dll

windows7-x64

3

FreeImage.dll

windows10-2004-x64

3

InfoReport.dll

windows7-x64

3

InfoReport.dll

windows10-2004-x64

3

Initialize.dll

windows7-x64

6

Initialize.dll

windows10-2004-x64

6

LibSearchFileName.dll

windows7-x64

1

LibSearchFileName.dll

windows10-2004-x64

1

NamePipe.dll

windows7-x64

3

NamePipe.dll

windows10-2004-x64

3

NtfsOperate.dll

windows7-x64

1

NtfsOperate.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 01:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe

  • Size

    12.2MB

  • MD5

    e426d3a221efae78fe3d82ce2175962d

  • SHA1

    a808e727601fae49f6646461c9409e9236f9f6bd

  • SHA256

    4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717

  • SHA512

    38af105b6d21957c79011abb6753ac180cc69cfcb9b336e917e8247493d251c567a98c5ede05102981b9935deef4de89ac363027bf70145b3eb3a8abe477cd15

  • SSDEEP

    196608:OwZ6k5h5gRIz8KHZTuxIBTANp6GuYEFQT3Xhp+fLC/GffQtli1rOL5oFk2:bth5gmNVuWAp6GwFQTBp+VItA1rlFl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe
    "C:\Users\Admin\AppData\Local\Temp\4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe"
    1⤵
    • Loads dropped DLL
    PID:3828

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsk39A0.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    2a03c4a7ac5ee5e0e0a683949f70971b

    SHA1

    3bd9877caaea4804c0400420494ad1143179dcec

    SHA256

    d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

    SHA512

    1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsk39A0.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    ebd0da54db9f12ffd15206cc24355793

    SHA1

    910be3bebdde55eb1ce05915a79f01ebdc622786

    SHA256

    4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6

    SHA512

    cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsk39A0.tmp\ioSpecial.ini
    Filesize

    697B

    MD5

    5f34908ad1c359e25f9d73169bd4eff2

    SHA1

    7255a5292482f52bb6ca0fe14cd301aa65172447

    SHA256

    ed0cfc3300bba56d18b707f14f1858b761719a8679dd3d847f0b6e6aa363cd52

    SHA512

    3f45b424256959c575a517dd0056d5b102fd5f9894342f32e14d40fa0d23a1a7b06bca2ed5da77be8e9b4b8ccdd44e5cf0a7151667da7b3fce5e962868f48278

    Download Submit