Overview

overview

8

Static

static

3

EcosiaInstaller.exe

windows7-x64

7

EcosiaInstaller.exe

windows10-2004-x64

8

$PLUGINSDI...le.dll

windows7-x64

3

$PLUGINSDI...le.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EcosiaInstaller.exe

  • Size

    1.0MB

  • MD5

    ead03cdd9d3398c50ffd82d1f1021d53

  • SHA1

    24b37f404d510f4eb7807dd89de20e936fc18190

  • SHA256

    4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

  • SHA512

    ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70

  • SSDEEP

    24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Modifies registry class 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe"
    1⤵
    • Loads dropped DLL
    PID:1700
  • C:\Program Files\Microsoft Games\solitaire\solitaire.exe
    "C:\Program Files\Microsoft Games\solitaire\solitaire.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2820
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\InstallHide.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    054bf47f6c1f8a7c42b74d29288646f8

    SHA1

    b7a7251192c3c009f120ac1f36c4575699aa221a

    SHA256

    acbcbce1618bdbe7fb38eaf71b420bd8df7c8d73850c03dfb9e947fa01992188

    SHA512

    11aad96ce670554c7731d663d8f74e2bd9c8d55d76fba27ac6a021dc3b8dcb64a6e80cbe29c289997903967465de17c346475d8c514659beef2e081f5fa16e3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f48b3ce0d8acb9a0b83edc289e79fd6f

    SHA1

    3273ac4a398e4a603622deddbe42171cd6a9c14a

    SHA256

    e302558019705bdd49d36a811a0a562b12dec0b2ccc9075a31238a758d8e643b

    SHA512

    d897f60390cdc07cb0cc89002622bdb2671423475e12fab100570068ba2ce30ad9fc95c9b608c46b1b87b8176110f328cde96693f6854d514b3cce4ca8dac247

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca8ec411aa9b5ea7c30c826d5df3c20e

    SHA1

    c364c89cd2454b30ac80b35fff88c77ab689eaeb

    SHA256

    3dcaa7c1a88af14aeefd27234fbbf89b730259849da319769158f84885dfbfbc

    SHA512

    7e49816b82c5291608a9b4d1ffe00e4a0e45ff6195a7f7bd6df837efa574bf01d52fb6fded80936780d19fd81d227fdad34cac7d4d3c278be424f91a0f10dee4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17b64101ffb7555a07e6c4434d57893c

    SHA1

    cbca838836632452044e5fb4850247a4177b8e08

    SHA256

    84d239acfe165bdab9c780af08cc47b7527cea7044a555647122140066d4d79d

    SHA512

    232621bb3551f236ea0a1575ad42e27df210b41ac3df216bd091a625db2b2403ff7bc2e9cc81bd3a54b641c4bcd2e9737d87d4ea0dd579b95d70e967b8b4c158

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8ad0bda9b166d9419f8c5ab01248937

    SHA1

    79fb2e41f67a1c4530c24ade6e741453826fdafa

    SHA256

    f77c9297ce2f32cdf5ff754c41069f1d3b09570d736cae2f478c7b264101706d

    SHA512

    c30720b8f0a19f9cd0362aacbe9c4b39c0d83b67674f0c27594a39a4ff111fd95d29698f08a0864a6541ebfb7d739066b8442dd34aa0a502dd29eba8d252ecce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6836ac22055919f0fcbf40634d8bc934

    SHA1

    9303b7a6bca46d7a3660716e97e42c46d3742d82

    SHA256

    850bdd28b88b29da6cbc3ef3a0cae9f91a0434594367bd2e26349bd5d9cdbf06

    SHA512

    e52f45fbabb39b02c1625ed1c1e9dbd8db80aec6ef4b5a0327c6a8de1a56cbb377d0f340db830925244ce9a63f608029c8cf3519bceb5b8b8177744ee014a602

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aad820d88c0ece2b90083fbb1c6fc53d

    SHA1

    487dfeb2e95d74c1ad1e2a171523abf60d6e15db

    SHA256

    343e410c8826915a245fd62f0c2cb9a4b058132002eedb8a0a13bd8f903f135a

    SHA512

    4386c125ffd39dfb4803c3510d51407aba7c299d9c4386d7f95a0df23e1aa904d0206cf3a7a3bbc685a359abcc4d7b90b3bb4a2cbd37d3f5160415183b33f2de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6304aaa830b0eb13538bb282d49cd34d

    SHA1

    eae4a1705e47a7ee90de22c40ee74d1a85282c16

    SHA256

    9c0680519c5b7fd3513f185ab43b1a92b72b0417afc0be9c15f063f8b2071166

    SHA512

    f458ca8e83c5bc55715ba37e854e034cfff508ff3e14b9107b43b9282b9135ede5816fc2cf8aa6194abfd163ed6a73c4b81799672ccab6a60607a41ec3a3ccb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4341c15dd0b4c8eebc8673694d7e7cbd

    SHA1

    03a2efe84a5f88f7fecd51caa659bdab4e297d57

    SHA256

    40c1fb3b10d9d940053abc0f29cbef58eb3a2039ecf4b83ee782fb8b0ebe75bc

    SHA512

    fe18b6397ac1ff483a0a67d4dd1f334ea88139c54625f96394770e5f7a279c3859797c2eee04e02178d4fa9208a80b7bff14c0fe111665221df8e4051c0c446e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8C0D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8CEE.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF6264628F1D81A39E.TMP
    Filesize

    16KB

    MD5

    6127fb55027557f29e864934cd0fab31

    SHA1

    0ebccb0cdc3a233703ce95b72c75c32b1cfc338a

    SHA256

    54226947cfcab2e9375eb675463109b33b55a19bae39eeba6f65423b6e1ca6fb

    SHA512

    14c3c34c8c365aa8cda6e01e5e4900f63827751289b61ea979fe42cbdb19bc2b56979b1602a6d144bd34b07ed5ba959a94087bdf9ae744eb52abfb46482994ac

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoCB0.tmp\System.dll
    Filesize

    12KB

    MD5

    564bb0373067e1785cba7e4c24aab4bf

    SHA1

    7c9416a01d821b10b2eef97b80899d24014d6fc1

    SHA256

    7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

    SHA512

    22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

    Download Submit

  • memory/2820-16-0x00000000020D0000-0x00000000020DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-41-0x0000000000150000-0x0000000000250000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2820-48-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-47-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-46-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-45-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-44-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-43-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-60-0x0000000001F50000-0x0000000001F54000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2820-39-0x0000000006C60000-0x0000000007060000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2820-40-0x0000000000150000-0x0000000000250000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2820-42-0x0000000001F10000-0x0000000001F11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2820-35-0x000007FEF5B80000-0x000007FEF5CB1000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2820-15-0x00000000020D0000-0x00000000020DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-17-0x00000000020D0000-0x00000000020DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-10-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-11-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-12-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-13-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-14-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-9-0x0000000001F50000-0x0000000001F5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2820-8-0x0000000001F10000-0x0000000001F11000-memory.dmp

    Filesize

    4KB

    Download