Overview

overview

10

Static

static

10

rcsetup153.exe

windows7-x64

10

rcsetup153.exe

windows10-2004-x64

10

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_107_/$_1...UI.dll

windows7-x64

1

$_107_/$_1...UI.dll

windows10-2004-x64

3

$_108_/lang-1025.dll

windows7-x64

1

$_108_/lang-1025.dll

windows10-2004-x64

1

$_108_/lang-1026.dll

windows7-x64

1

$_108_/lang-1026.dll

windows10-2004-x64

1

$_108_/lang-1027.dll

windows7-x64

1

$_108_/lang-1027.dll

windows10-2004-x64

1

$_108_/lang-1028.dll

windows7-x64

1

$_108_/lang-1028.dll

windows10-2004-x64

1

$_108_/lang-1029.dll

windows7-x64

1

$_108_/lang-1029.dll

windows10-2004-x64

1

$_108_/lang-1030.dll

windows7-x64

1

$_108_/lang-1030.dll

windows10-2004-x64

1

$_108_/lang-1031.dll

windows7-x64

1

$_108_/lang-1031.dll

windows10-2004-x64

1

$_108_/lang-1032.dll

windows7-x64

1

$_108_/lang-1032.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    55s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-05-2024 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rcsetup153.exe

  • Size

    12.4MB

  • MD5

    5ffb412044b8bfbcda9dab78cf4e8ac5

  • SHA1

    d4e81d90ceaf8179a8b8f112cfa310ec89106dd0

  • SHA256

    b3df198d64ba6f401611f56743bd344c1b02915f9e5d571d271ef8557feaf56c

  • SHA512

    ed5d688e08482e4289c8b74d70398c529cef940379539c8830b44b75385bc1aa5ad5ffd1bcb4f84a193f27064b3fada6b6643ee164c1f4d91479f18c371ea28b

  • SSDEEP

    196608:VzbT8y9mYpOxg521uaSrwizLnyrGB5kVmQ4Sk0OL9MH70Ep+4IhX4kYRd5ekUDGe:V3TXUxgTaSvLn5I2SriMY4+4I1uEkkTF

Score
10/10
privateloaderloader

Malware Config

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rcsetup153.exe
    "C:\Users\Admin\AppData\Local\Temp\rcsetup153.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\System.dll
    Filesize

    12KB

    MD5

    cff85c549d536f651d4fb8387f1976f2

    SHA1

    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    SHA256

    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    SHA512

    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    2f69afa9d17a5245ec9b5bb03d56f63c

    SHA1

    e0a133222136b3d4783e965513a690c23826aec9

    SHA256

    e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

    SHA512

    bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\g\gcapi_dll.dll
    Filesize

    348KB

    MD5

    2973af8515effd0a3bfc7a43b03b3fcc

    SHA1

    4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    SHA256

    d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    SHA512

    b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    6c3f8c94d0727894d706940a8a980543

    SHA1

    0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    SHA256

    56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    SHA512

    2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\ui\pfUI.dll
    Filesize

    17.3MB

    MD5

    f7222368c66e02ee333e6fca4fdccb66

    SHA1

    b2c6c1d24f78cb4a6de87eba5480f3a6f6b278b5

    SHA256

    b09f1359c68947c7d13123dda3ab56360b982befb43c134be815934ed4879215

    SHA512

    ab6158735234cbbc7ccfdee3c8e247d196070aa234e6bcb6b4cc6c13b4d0f1c85d84afe5c7d3f98349b32a4d4bc84750335fc9f1d8032e759ea03cea1e11a839

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\ui\res\PF_logo.png
    Filesize

    3KB

    MD5

    079cca30760cca3c01863b6b96e87848

    SHA1

    98c2ca01f248bc61817db7e5faea4a3d8310db50

    SHA256

    8dd37d3721e25c32c5bf878b6dba9e61d04b7ce8aec45bdf703a41bc41802dfa

    SHA512

    3e25c10e3a5830584c608b9178ab062e93e0e9009a7d897bb5e3561180b0b0910bd4178063d982eb33806a005c93931ae2ec5be520ec0d0c9a7c452cb78fd6a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\ui\res\RC_Computer.png
    Filesize

    82KB

    MD5

    67f13e50fa75087ef8c2074a52cc8bb1

    SHA1

    8f31cf48fab91b9e263105289d17c146d088274b

    SHA256

    044ec2d36e9f573d762fc8a43eb09f7b24eb30094a4e61b5d606fd96f72d391f

    SHA512

    44ee943ae440d93d7ec78393749667680abbe379f9e21fb10244362c2c3f9df790170c541aa30a8487ef25952068c78e44dacd48def29aa84cee78d1c1ce63ae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4018.tmp\ui\res\Recuva_Logo_72px.png
    Filesize

    9KB

    MD5

    6a2e01749e591a1ce8216daed41b8721

    SHA1

    a4aa31d936a33eb7d58e809b738184f6b2c7e1c2

    SHA256

    f72782600989eff0aa13ff7c63875538c9042c32b77862475c899514f61c9290

    SHA512

    262e6b6ed89fa30f954dc73c1bb329d9ea256fefa172e12b23610e7c1ab6dad3b698cbcdc010f8c16e90b0bdd6e96d60e8aba50b876d69f9fb1f2889ac14f0fe

    Download Submit