Overview

overview

7

Static

static

7

plugin1.exe

windows7-x64

7

plugin1.exe

windows10-2004-x64

7

plugin2.exe

windows7-x64

7

plugin2.exe

windows10-2004-x64

7

插件升级.exe

windows7-x64

7

插件升级.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    plugin1.exe

  • Size

    2.0MB

  • MD5

    b195e7e16f89ac53a504c5b8d80fdf43

  • SHA1

    042894b9486a0f04884a0b26ed4a486ad8c77ef0

  • SHA256

    41d60178ee87a1eeee563c0935fe646ecacca616513c421799dd1d030c133f42

  • SHA512

    aeef61ab25a0301ee1ff036c64ae2c6551d0425aa9a8d10f52535f8b02f6a8e666dc491c87a1e322f7f279eeb6d783da7340b2d585ef836527c429172b4c5af8

  • SSDEEP

    24576:gjbmYip1rVvX8iGIOzvNuupB9eY6ltE4i9tw8LQ8Jz0j6W9mWWRqedXbA3g:gjjip1minONua9eYl9tzCj69RRk3

Score
7/10
persistence

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\plugin1.exe
    "C:\Users\Admin\AppData\Local\Temp\plugin1.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ods.log
    Filesize

    1KB

    MD5

    312a9986feba56724a2c0c16f3efac49

    SHA1

    45c4c3295a762990ba83f7c4e7b1c90ed6b30d62

    SHA256

    f814bbdcab1470bf5a76f090c643a83fa4cd003d717226e13cc81b6175fe7a41

    SHA512

    f0291b7f4b1127261f1f8edf047806d34a1caf88448b1ce7c70f06ec269123123090e00124ed078d6c5cd2861369fce947a8ff3cd176bf15eafe3c9742b0aa1f

    Download Submit

  • C:\ods.log
    Filesize

    4KB

    MD5

    5ae0794eb277c3af742e09cf36f26cfc

    SHA1

    d20f8ae4ba1d5b61c06ff3a87c64d75034f6783d

    SHA256

    42890ea66a6b5ba21f4b20c893d4f29348ff397a0d9de23871eccfdb28ee74c1

    SHA512

    6cdc943b9fb83fa67a83d30693b15733f686ab3854cff58fac7143c353003e1299052198310a935b15bd29642f52ab757892c6597d604c54c5f16e76d4502286

    Download Submit

  • memory/3004-9-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-3-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-7-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-6-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-5-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-2-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-0-0x0000000001240000-0x00000000014F5000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3004-8-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-32-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3004-4-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-39212-0x0000000001240000-0x00000000014F5000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3004-49914-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-55467-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

    Download