Overview

overview

7

Static

static

3

webplugin.exe

windows7-x64

7

webplugin.exe

windows10-2004-x64

7

DHSurveillanceDll.dll

windows7-x64

1

DHSurveillanceDll.dll

windows10-2004-x64

1

TimeGridEXE.exe

windows7-x64

1

TimeGridEXE.exe

windows10-2004-x64

1

VideoWindow.dll

windows7-x64

1

VideoWindow.dll

windows10-2004-x64

1

WebActiveEXE.exe

windows7-x64

1

WebActiveEXE.exe

windows10-2004-x64

1

dhnetsdk.dll

windows7-x64

1

dhnetsdk.dll

windows10-2004-x64

1

dhplay.dll

windows7-x64

1

dhplay.dll

windows10-2004-x64

1

h264dec.dll

windows7-x64

3

h264dec.dll

windows10-2004-x64

3

mjpegdec.dll

windows7-x64

1

mjpegdec.dll

windows10-2004-x64

3

npTimeGrid.dll

windows7-x64

1

npTimeGrid.dll

windows10-2004-x64

3

npmedia.dll

windows7-x64

1

npmedia.dll

windows10-2004-x64

3

postproc.dll

windows7-x64

1

postproc.dll

windows10-2004-x64

3

timeAxesDll.dll

windows7-x64

1

timeAxesDll.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    webplugin.exe

  • Size

    903KB

  • Sample

    240427-gem59sda9v

  • MD5

    d6b2329144e1cc520b9eb6c1efad9bb8

  • SHA1

    e93e1d52b996ef3fbeaaa565d78f64ef104e22f7

  • SHA256

    5f09de90db804401842617dddb5750c6a8d7a27edb409c91f2ef86d0198d3e58

  • SHA512

    9ad670546544446ece6ac79ec2e77eabd0a12db112da4a3cccf4669ad3e17eeab561b1a605fbb40e6a9f1c77ff50f029e068b7b4fcba1c009060fa571b36aefa

  • SSDEEP

    24576:TrN2WkZj5repeNZOqTU7XwA3JBcVDe9Pku2C:XNDkZjV53fpeaVckXC

Score
7/10

Malware Config

Targets

    • Target

      webplugin.exe

    • Size

      903KB

    • MD5

      d6b2329144e1cc520b9eb6c1efad9bb8

    • SHA1

      e93e1d52b996ef3fbeaaa565d78f64ef104e22f7

    • SHA256

      5f09de90db804401842617dddb5750c6a8d7a27edb409c91f2ef86d0198d3e58

    • SHA512

      9ad670546544446ece6ac79ec2e77eabd0a12db112da4a3cccf4669ad3e17eeab561b1a605fbb40e6a9f1c77ff50f029e068b7b4fcba1c009060fa571b36aefa

    • SSDEEP

      24576:TrN2WkZj5repeNZOqTU7XwA3JBcVDe9Pku2C:XNDkZjV53fpeaVckXC

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      DHSurveillanceDll.dll

    • Size

      352KB

    • MD5

      bc1b51f060e5268a471ade14ce739c6d

    • SHA1

      42fec20b1d7f65775e8299c14f2b1bbb624954a7

    • SHA256

      568bea8883057e2b4901cf9ba20bf041ef94a0b421dd9ff12b96fc6d3d53ae39

    • SHA512

      eb39aae6da85d4664395df2000677beabde7e809afda51dda23e2ade54040ad59950cd295e03de747ff3501ca8824dbd958900df418b9366dd11c22ca671bb2f

    • SSDEEP

      6144:ncXYLjGEPLreRJT0Y9T4uy9b54LKotOBDrT6Tzhc5P:nWOjGETreP2uwkKomrT6T4

    Score
    1/10
    behavioral3behavioral4

    • Target

      TimeGridEXE.exe

    • Size

      52KB

    • MD5

      229e2e90b17c38383ca151c2c0a98651

    • SHA1

      14678051c63cd193ff6db1dda11bf54e1ea93621

    • SHA256

      5db1910499f88f3d40af746d6cb0d50c10e955bee3866b05c6ac752b5a154ffd

    • SHA512

      38d0394c34a26c8cb2b1ed5b307718f31c1f4f05be8899e47245b86e301c8b48aeddd834f15459c84997e56a5eff344fce726dd9fbfa8323d02ae0e30d565b0c

    • SSDEEP

      768:ngdG18O+tApeYGp6zXn54EMfUvCpToSKtfykr+RByNm:nYG1vZX6EHC5Pm+RB

    Score
    1/10
    behavioral5behavioral6

    • Target

      VideoWindow.dll

    • Size

      184KB

    • MD5

      01861226a315a980d1f14c6cfdb6e393

    • SHA1

      ad2a44f81bd0b5530d22d36998ab9ca2b765dcec

    • SHA256

      ffcb28ce41eee07201f753a5cd302cf9f88312c29eb8f101c5e2170717bfd3d5

    • SHA512

      c7b27a1e0c08d0d4c79278cac5d90ecc84c5e68188b04de26c17d216484e541fdfb3a48c24ed6551d36e69c5effd65e64b4a3759c76ef884bd6f6ade83137e0c

    • SSDEEP

      3072:Oe2e6elAaXun8eI3EMZa5IeJezw01MLqCh+aoJuk261u:x51poqZuQzPMLqlaoJu+

    Score
    1/10
    behavioral7behavioral8

    • Target

      WebActiveEXE.exe

    • Size

      128KB

    • MD5

      ed6d2f2dd69c8a9d11b69c972be13db5

    • SHA1

      ee9625e42c4a5aa4708ff655b4a4f1eb5be80119

    • SHA256

      1e86726139c008fd1ecf70188aba349e839c924778ab34a5457f6dbd4c42a5a9

    • SHA512

      7f5a44da1eafb54ec2dab0f35c5e3c3aae2fe0b75d004174b362a77f4f1324063ea4ebb1007d92907281b65e6431f39f0091200a2569f2e27bfde5aac41e6c08

    • SSDEEP

      3072:qdUeYMCgyA1MLwS+b+kK7eAGUvPA94Qy6zRCqjF:U1MUTSeAGj94Q31F

    Score
    1/10
    behavioral10behavioral9

    • Target

      dhnetsdk.dll

    • Size

      872KB

    • MD5

      58aa81962eb33c0bae91663559c7aee9

    • SHA1

      2ca99598b0762024b7d2f88be5cba936715464a2

    • SHA256

      5ee2b71ddb06d1c11e3e503a49168e71c04d7255e12d7670b3d0f6d9333e1229

    • SHA512

      0f437be665ea536506295edecbc8a686458de1581bdca59378e96d6d2667a507207c942ae07ac882d6e003621f1cb6255cd77cf091036807a582c2c6d2e0ce7b

    • SSDEEP

      24576:JS1MBVw/iOcVZBW2vuPm/dH1Vt9YMggNfu:DwxS8c/91Vt9YFAf

    Score
    1/10
    behavioral11behavioral12

    • Target

      dhplay.dll

    • Size

      304KB

    • MD5

      6f9a041bd79925c43e7a93c6fd279223

    • SHA1

      04921c3f5dfd6177da45ac65c3dee02980c61c6e

    • SHA256

      a20d8defe0339a2bab188e971685af1ee2862db8fc258c8dce8b5e2cea8719dd

    • SHA512

      06256e86faf2bfbfa1d93c20e2db93af750fa5df1e64d824ef02d5b740c9bd18d7d95d926e4f0fe0a8e865d84d1284c8dc50283460183ede130d53523260c20f

    • SSDEEP

      6144:KhkLWJehYI5um/hTlmWi+rg93QmX0/nRLLnprRYZ:KhChF5XBl9i+0SmX0PRLYZ

    Score
    1/10
    behavioral13behavioral14

    • Target

      h264dec.dll

    • Size

      283KB

    • MD5

      7d6a901633d97ac3d21272f3c99c1b6f

    • SHA1

      f4a094bd055a536f856e73626fbf63fe988d4407

    • SHA256

      de86264ec5ffb0c9fd20bf7bb6298089a68f403012342c88ee3bfed9c9de6470

    • SHA512

      0d8cd00df5eb694b1451c819f9e6e30c904f9ae8e48234c23e8a17838b7915892529d263c0685d0f7fd171977e66ffe5e4e39f82194fd0dac730c645e322736f

    • SSDEEP

      6144:5VWrBYGEg3eHFPjz66/rajZZwoOFphkJkRL0sQaPDfmvf7nEXszs96tjSFsGj32y:erBYGRelPhM6rWgG

    Score
    3/10
    behavioral15behavioral16

    • Target

      mjpegdec.dll

    • Size

      128KB

    • MD5

      62c84a5b3b8bcac608de3a91316e8e25

    • SHA1

      7a0bdec95f71ce9defde09b746cb988839fa04c3

    • SHA256

      6d9f73e6bb92aab61d186bc5865f4fd7f8e4c03055a3f18eb5669867cd044268

    • SHA512

      6d781c4f285c39fb605cbf1d811a31f69640e20ef1f77655c2914cd9bc3d056d53ff92f7763af9724deeae4780277bb95f1c2298a7ac20798ce6ace32cf2a92a

    • SSDEEP

      1536:Fxfbn2TebH8HPhFHvTCkW8Q22jPK2GJE1Aw1hEqXloI+0rr+kO5oH0Kl:w+H2FtZQxDKGmwvEpI+0raZ5oH0Kl

    Score
    3/10
    behavioral17behavioral18

    • Target

      npTimeGrid.dll

    • Size

      44KB

    • MD5

      d41683eb7b037a95485ed8b437d2fbcc

    • SHA1

      909208a108395a89b2922c9a94f3c070575c68e5

    • SHA256

      2df1af8a1d0b2cd25642685c091859803ae48a9d636818b68e15c75cb0058a86

    • SHA512

      2938557ade2fef2df6ea4f1f348fcb1a0d02fdc1f67b6556a69171c6935ecbfc90bd41a758271fe58fe72a07b2f24123c2244f56d4bf9e0f3f9f38300870b8e7

    • SSDEEP

      768:oB99gjVq8DmwjLM7iyoX2iLD2USZ2Oqh:k9gjVq8aws5oX2iv5SQOqh

    Score
    3/10
    behavioral19behavioral20

    • Target

      npmedia.dll

    • Size

      116KB

    • MD5

      6ebd8849941497c4567fcc4dc5333717

    • SHA1

      8adcebfa26efbef7be7ba4e79bc26a46d136c5fc

    • SHA256

      50d89b7b6118cf2b3fd26f127736d907d3b45acce162bf32561c54743edf85eb

    • SHA512

      82b6b86e109019c1ee1823a5f1e83472bb683d916d5a9c0a208f17a9f53cb8d6c0ba72284bbefa9074181d4e3db1de3239cfbb490e6a0449da4b5bf41c23566c

    • SSDEEP

      1536:9K8i0ikR/R6GfHU8TIeQbO63+J0LNS5xMwJzZG1GIp5gN8+pD77/:xiIRP/tTKBS5xMwDG1GIkS+pDX/

    Score
    3/10
    behavioral21behavioral22

    • Target

      postproc.dll

    • Size

      80KB

    • MD5

      72f3b9040826e524473b9da836a3a5e3

    • SHA1

      2f13d40f18736bca4b6416eb39e68d0efcfbcd37

    • SHA256

      b057f6571a95cfd35e16aae5513918ba6235ee24809e70aa63fae714468f583a

    • SHA512

      54876221e1ee1e705142d0e717a04ec4fa911f70a05acbd0468ac85684ec7653253a1c45f577cbe7eb76520c1dbb1677007bf264e91ee5553c43428a4964c30d

    • SSDEEP

      1536:MleonJza7THltm1JjqRXQJFg2oX9W/mxec/dUWbkOboyQGT0:TonJev/mXjqtOm2oX9W/QH/dUWbZboyS

    Score
    3/10
    behavioral23behavioral24

    • Target

      timeAxesDll.dll

    • Size

      104KB

    • MD5

      6e188fb1ebd4777bff8a0c418e60f7ff

    • SHA1

      be1e8e9156ea895d88798b3e0536811ff8f089c9

    • SHA256

      545e9d781569951a55afefc626fb222bbeda4f7299bbf3367b25cb279abe39f3

    • SHA512

      da9cb3f8b1b68daa70d2dbd28b8c0d92780058513e7acfd1f6919f153658f64f8d3ebdf5ddc3af9f5f7ff8483500d192c7971c6da6031c3082afb176d089077c

    • SSDEEP

      1536:MO2bSxPz7kEXPP4Rz5UQtBzeWKzwab5UanjNAIOebvrIvw:MZoPkEXP6ZHzezzwab5UajNNVvrI4

    Score
    1/10
    behavioral25behavioral26

    • Target

      uninst.exe

    • Size

      52KB

    • MD5

      8e954373dfc18180a4088fd49adbbc60

    • SHA1

      c09884fc9444d6a7ff7833e9974d9c412beee077

    • SHA256

      0255626352894690674e7e34f52b4d84d31133d0d92b3c1c957d2c318ab564e3

    • SHA512

      c230bce9e2b1e8f911b97926ce4e46c2b7d91621391e7252489bdc9eaea0e9be1da3c60de99e24499c628a7ae49f98d0a3d1f61b7e99397885d193203a724a77

    • SSDEEP

      768:c1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJXgZl2iZQAm6kRRS+NoJRnKhdef:6QpQ5EP0ijnRTXJXgZlLeAyNlhd0

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral27behavioral28

MITRE ATT&CK Enterprise v15

Tasks