Overview

overview

7

Static

static

3

Voice.ai-D...er.exe

windows11-21h2-x64

7

$PLUGINSDIR/INetC.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

Resubmissions

29-04-2024 01:03

240429-bebvcade85 7

29-04-2024 00:59

240429-bcdadsdh2x 7

Analysis

  • max time kernel
    102s
  • max time network
    91s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29-04-2024 00:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Voice.ai-Downloader.exe

  • Size

    477KB

  • MD5

    40ffaea0c96bc8fd1ac022ecf287980b

  • SHA1

    c9ff64fecee39aa1a4f1c930d6b6ad423e1b1c14

  • SHA256

    100dba151efe66c842fde4337857fd3db4568c1e3ee008e412927e67ed72094e

  • SHA512

    cc0f2ff6b650644564d7469031c96fcaf93b9dd82318eda244abb65970d2e5697ba27bb0c62e31f4f654cc031ac7f19f0692f444674fd174f9acbc201c8944dd

  • SSDEEP

    3072:ckBGWOsTIJgIDU5A/cNo68pMABlZQ2wpFD0ra42L5GYDxJ0ytta:c1ssjH5Mp2w7g+42LUS6

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe
    "C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:5052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy4F69.tmp\INetC.dll
    Filesize

    21KB

    MD5

    2b342079303895c50af8040a91f30f71

    SHA1

    b11335e1cb8356d9c337cb89fe81d669a69de17e

    SHA256

    2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

    SHA512

    550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4F69.tmp\System.dll
    Filesize

    12KB

    MD5

    792b6f86e296d3904285b2bf67ccd7e0

    SHA1

    966b16f84697552747e0ddd19a4ba8ab5083af31

    SHA256

    c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

    SHA512

    97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4F69.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    05450face243b3a7472407b999b03a72

    SHA1

    ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    SHA256

    95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    SHA512

    f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Download Submit