Overview

overview

8

Static

static

1

Assistant/...64.exe

windows7-x64

1

Assistant/...64.exe

windows10-2004-x64

1

GameHallMain.dll

windows7-x64

8

GameHallMain.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

4

Uninstall.exe

windows10-2004-x64

4

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 11:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    232KB

  • MD5

    ad999a53e962ef536c561e2b2def4390

  • SHA1

    61a30e413966ae8093f802700c3fd3ca49f8295f

  • SHA256

    e8b587c65e890926d127ad454fa65ec9f1e0869697c34277a19599cccd48012d

  • SHA512

    2d8cd932d30faa22aed3394783730ae6b0028605e14b357e9713f8d605d58c52c01bdb935d03d145e1f7d8ca6b71ce840a6460c017b7895af8e8568169bc6bb5

  • SSDEEP

    6144:bewfV4DTTTsTTHPTT+PTTaTTbTT6THTTeTTTMTt5kTRTT2PTT7PTT5TT+TTPTTRf:blVITTTsTTHPTT+PTTaTTbTT6THTTeT5

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsc327C.tmp\FileInfo.dll
    Filesize

    278KB

    MD5

    7d773d726d5357b27b30ab8de1e42bb0

    SHA1

    593720bf9d9afa5665007304d6fb1502719d02aa

    SHA256

    93edd4c19314537aa106d80c2ed642c15fc6cc2f67e992f35367095c13ab5f68

    SHA512

    6d399e83d6206064a328aa47e18b133c6d5f132449d4a4c791594ab903e015acfc7c23ed8e2b0853ee26e5bcb1333719e20bcf5a13b0d4772461bb06175ea5cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc327C.tmp\System.dll
    Filesize

    28KB

    MD5

    ca1c1129591b793d2753a4c425ef6ef1

    SHA1

    0f417cdd887d57c5839c409b4bb76597af02ed1e

    SHA256

    86ec9f64c3635568a18c11c94e81e8cb20b94e1d97a192132bc55f9281909d60

    SHA512

    1eded730b2e1c51fd8639e56ca532b497777f0ae1f4b5397966335d3c8966c3fb1e46742fa2fc3c84ecf687dbe19f4e3129eb3d1e0b0d72c9c154de18d3af69f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Filesize

    232KB

    MD5

    ad999a53e962ef536c561e2b2def4390

    SHA1

    61a30e413966ae8093f802700c3fd3ca49f8295f

    SHA256

    e8b587c65e890926d127ad454fa65ec9f1e0869697c34277a19599cccd48012d

    SHA512

    2d8cd932d30faa22aed3394783730ae6b0028605e14b357e9713f8d605d58c52c01bdb935d03d145e1f7d8ca6b71ce840a6460c017b7895af8e8568169bc6bb5

    Download Submit