Overview

overview

10

Static

static

10

fcadf0a0a2...9d.exe

windows7-x64

7

fcadf0a0a2...9d.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

7z/7z.dll

windows7-x64

1

7z/7z.dll

windows10-2004-x64

1

7z/7z.exe

windows7-x64

1

7z/7z.exe

windows10-2004-x64

1

CalcHashAB.dll

windows7-x64

1

CalcHashAB.dll

windows10-2004-x64

3

Extxml2.dll

windows7-x64

3

Extxml2.dll

windows10-2004-x64

3

FatOperate.dll

windows7-x64

3

FatOperate.dll

windows10-2004-x64

3

FileHash.dll

windows7-x64

1

FileHash.dll

windows10-2004-x64

3

Initialize.dll

windows7-x64

6

Initialize.dll

windows10-2004-x64

6

LibSearchFileName.dll

windows7-x64

1

LibSearchFileName.dll

windows10-2004-x64

1

NamePipe.dll

windows7-x64

3

NamePipe.dll

windows10-2004-x64

3

NtfsOperate.dll

windows7-x64

1

NtfsOperate.dll

windows10-2004-x64

1

RecoveryPhoto.dll

windows7-x64

1

RecoveryPhoto.dll

windows10-2004-x64

3

SaveOperate.dll

windows7-x64

1

SaveOperate.dll

windows10-2004-x64

1

SoftwareLog.dll

windows7-x64

1

SoftwareLog.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 02:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d.exe

  • Size

    39.5MB

  • MD5

    01e82baef85b5e28a5f153f13fd320b2

  • SHA1

    3e143d4c368aa53c1cf7d30ce36401463ce8b1db

  • SHA256

    fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d

  • SHA512

    8cf08a9cd8abbf47980dd2125835c2ed2b9363b57fc847bc826f33200bb59f50246ea3ade7dc4c2a875e6eb03638be59c2ac5d78e7236ea958b1b853ae3ec573

  • SSDEEP

    786432:oCU1Esp3xH+2cvakaqBGlWOP0MG85oXglyO4+xI4EJtL5X1OrbciRT1coX44j:oB1EsT+2cWqBS8H8LlyO4+xI48tooiR/

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d.exe
    "C:\Users\Admin\AppData\Local\Temp\fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst32E4.tmp\ioSpecial.ini
    Filesize

    693B

    MD5

    addc5c20e83ce116193fcadf53573ab6

    SHA1

    a54e5d0c722c4c49c314638ead2b53d7a3785f42

    SHA256

    6c2cfb5ec333808046b27215f9829d9746f9cd5b771d0c760b895b36fa770a7a

    SHA512

    bb7d7d51ed7b2ad5f562912aee35e6f852d4030abd7725d7659bd449e8e98a80c0fa45beef41c1b1fa1a4288f8ed7b73c8c21a9555fc6e159499c83723d2984f

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nst32E4.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    2a03c4a7ac5ee5e0e0a683949f70971b

    SHA1

    3bd9877caaea4804c0400420494ad1143179dcec

    SHA256

    d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

    SHA512

    1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nst32E4.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    ebd0da54db9f12ffd15206cc24355793

    SHA1

    910be3bebdde55eb1ce05915a79f01ebdc622786

    SHA256

    4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6

    SHA512

    cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

    Download Submit