Overview

overview

7

Static

static

3

04210d6c97...18.exe

windows7-x64

7

04210d6c97...18.exe

windows10-2004-x64

7

$PLUGINSDIR/PW001.exe

windows7-x64

7

$PLUGINSDIR/PW001.exe

windows10-2004-x64

7

$PLUGINSDI...FC.dll

windows7-x64

3

$PLUGINSDI...FC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...86.exe

windows7-x64

7

$PLUGINSDI...86.exe

windows10-2004-x64

7

7ZipBuilder.dll

windows7-x64

1

7ZipBuilder.dll

windows10-2004-x64

1

7zxa.dll

windows7-x64

1

7zxa.dll

windows10-2004-x64

1

BugTrap.dll

windows7-x64

1

BugTrap.dll

windows10-2004-x64

1

Crux P2P.exe

windows7-x64

6

Crux P2P.exe

windows10-2004-x64

7

DocumentReader.dll

windows7-x64

1

DocumentReader.dll

windows10-2004-x64

1

GFLImageServices.dll

windows7-x64

1

GFLImageServices.dll

windows10-2004-x64

1

GFLLibraryBuilder.dll

windows7-x64

1

GFLLibraryBuilder.dll

windows10-2004-x64

1

GeoIP.dll

windows7-x64

1

GeoIP.dll

windows10-2004-x64

3

HashLib.dll

windows7-x64

3

HashLib.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 02:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/PW001.exe

  • Size

    894KB

  • MD5

    14e8afb1eeccf97178b645f49d2ea7a1

  • SHA1

    4ba319f46201d7af9c01b28cfc53ba7975c4bc3e

  • SHA256

    1c52b0c39ae1f8405f09fab77e2ff02cc5083b0b329d06c979f4ca4f2eb1f934

  • SHA512

    2e3a78b5d2794c03b672eecc8e30e3d17fcf9119102859eb02cc5d918b2bd3b8cf59b2e5bffd0b304dc8ca6d6ad5149114e964950d720812d062fc029cc6f137

  • SSDEEP

    24576:fG50ZfFK6MLYptRReZ3kTE3S00B1RxjBnYy+olZhDvL1g:fG5UfgVYlMRkTEiRBPxJBVZhDC

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\PW001.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\PW001.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Users\Admin\AppData\Local\Temp\7zS0E620D36\installer.exe
      .\installer.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Users\Admin\AppData\Local\Temp\7zS0E620D36\GenericSetup.exe
        C:\Users\Admin\AppData\Local\Temp\7zS0E620D36\GenericSetup.exe husertype=Admin
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2368

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS0E620D36\BundleConfig.xml
    Filesize

    11KB

    MD5

    c0a417b3394c1f645bde55008662cf86

    SHA1

    b9034daf2a7080cb7ebf57e33f3867202fe2d4e9

    SHA256

    35a59daed91192145f06fbeda58938613ada800027008566fd15446cdd4ebd9d

    SHA512

    47324c80eb0f8076287bf4fb7e5ea543ebedc654190d543416d20037ccb1b0163a122d3dab6b83ea450545cd76b76589f8a53af3eff3da4d77682c0906d23c14

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS0E620D36\DevLib.dll
    Filesize

    398KB

    MD5

    6ef90166cd0485d28f9041d95c1893a9

    SHA1

    be16f54ff32b3a15fc8ee22fa8cdcf783c196c9b

    SHA256

    b1e20529054b4f884e6e60eb0159a38520a36d90a57f3384e12f7f4351ea2ebe

    SHA512

    cd849a4555bec3befd78ca5ce582e899fe08d75093a6e69f6ce1de1081471a4f9aba912a8ee5947a9ff6b29a25f403058ba22c32adbdd6b05ff014ff7d65a75a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS0E620D36\GenericSetup.exe.config
    Filesize

    1KB

    MD5

    1328a1763a7bcc603e0ca2ca4799f13f

    SHA1

    81ef774069ade7cdd79e7c849212b8eebf28a601

    SHA256

    51cbbd933878a6617ec0c37e10a49933b17d3b2ed4211b4099d9d3d4c282bcf9

    SHA512

    e12cace0bc7e6425732071bd9162978f6150f17c63cce28b40dedb9c6f61ee675feeb415826383678714ceca25ad83a2a3a9a1a166a97124dac3ce67774aa82f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS0E620D36\GenericSetup.exe
    Filesize

    43KB

    MD5

    a9aa4270caa788444d552f2d3578e539

    SHA1

    bf9f679b34742698ba5321f257522c88f61c6e38

    SHA256

    347ed24929f54062ef229bad598f5184ed3d601de3f3da8912c6c964c57100c1

    SHA512

    39c9bd2f323b2a4c9470a1e3d52259389fb3f97cd6c37ab4732a002cdda68a40385fdc055982600259b08d84d1fb79da7b5a71758ec7a595bf5b8eccc28e5ea1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS0E620D36\installer.exe
    Filesize

    1.6MB

    MD5

    79e0c128a1ebbf0de98f4bd18c523f70

    SHA1

    53541473d3f27066170452e95da8516e39f1c947

    SHA256

    a230720e5a75d7ee763b9f740e51fd2a3e5d29f9c053e9f9c7f2814718a5dd7b

    SHA512

    166fb07d17a34e07ea90e75f41d5db4ee292c487798bbc286e6b3778c8049942026a205443caa5c5763b3ea890dc1956a584e687564d017db0ed3d0bf93e76ca

    Download Submit

  • memory/2368-40-0x0000000000EA0000-0x0000000000EB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2368-42-0x0000000000E10000-0x0000000000E78000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2368-43-0x000007FEF56C0000-0x000007FEF60AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2368-44-0x000000001AD30000-0x000000001ADB0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2368-49-0x000007FEF56C0000-0x000007FEF60AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2368-50-0x000000001AD30000-0x000000001ADB0000-memory.dmp

    Filesize

    512KB

    Download