Overview

overview

8

Static

static

3

432fbc7a96...e5.exe

windows7-x64

7

432fbc7a96...e5.exe

windows10-2004-x64

7

$PLUGINSDI...ox.dll

windows7-x64

3

$PLUGINSDI...ox.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

DeskTopTips.exe

windows7-x64

1

DeskTopTips.exe

windows10-2004-x64

8

DuiLib.dll

windows7-x64

5

DuiLib.dll

windows10-2004-x64

5

DumpReport.exe

windows7-x64

1

DumpReport.exe

windows10-2004-x64

1

IEProxy.dll

windows7-x64

5

IEProxy.dll

windows10-2004-x64

5

KXShortcuts.exe

windows7-x64

1

KXShortcuts.exe

windows10-2004-x64

3

KwDataDef.dll

windows7-x64

3

KwDataDef.dll

windows10-2004-x64

3

KwHttp.dll

windows7-x64

5

KwHttp.dll

windows10-2004-x64

5

KwHttpRequestMgr.dll

windows7-x64

1

KwHttpRequestMgr.dll

windows10-2004-x64

1

KwLib.dll

windows7-x64

5

KwLib.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    432fbc7a96000d736691968335349be5.exe

  • Size

    5.1MB

  • MD5

    432fbc7a96000d736691968335349be5

  • SHA1

    686e567a3de7d523925cdb81e395f39393045f0f

  • SHA256

    97cf70062f25b360a517a632165ac3d0f0a28de8cc332438694be046db8d349c

  • SHA512

    7df599dea8f99f14003bf903d4b9bc530f9b8f191843961661cedcf0f69eea86500508bfd59320cb331d75001f1cafaff1f3ccd87cfe0b537ac95fcc1bed1c79

  • SSDEEP

    98304:PwdiLvNFvHdNE7cUmOUOLW8thpv86EFptzmi4/XsbZmllNZ7pbxHi:IdiLvN5dvUFUvIhpk6EPtzp4eZmlBXi

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\432fbc7a96000d736691968335349be5.exe
    "C:\Users\Admin\AppData\Local\Temp\432fbc7a96000d736691968335349be5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\agree1.png
    Filesize

    2KB

    MD5

    626d4108aa0f3501aece6df49cffaa80

    SHA1

    b5d3201e5a32ddb0776bf3717326ba1a3ea68f26

    SHA256

    da3ab4d711c623a8aa15be8aa2262233820fbea1466b90af532fa47afa7250a1

    SHA512

    31eb035065ae553eacf95d95da1b0b4be0425ab8bb738667d6e526e5d569bc99ba53504ab4e1f96be88a1aebcb297dca693a0a07961d13f780052a5fb919fd1e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\agree2.png
    Filesize

    2KB

    MD5

    f5eceeebb34fcf898394a19a84cf9408

    SHA1

    4496f3795e79a9e56d80e52dfb829ee038932f53

    SHA256

    f75ec895308c5ebf875a8f2e8324add7fc42788a238fddb55e657557050d6ec5

    SHA512

    c7265bb575fe563db2b13608f501c632bbd884250cc0608eb586ca934010b125bf8ce59f19eeb3ac30a56e9e8c95db23a5fa50897c9fbbafafec98f063da01e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\btinsl.png
    Filesize

    3KB

    MD5

    a146851363f06ca7e5781f74760c0ba9

    SHA1

    1c4a2ed9240280a9190c6e758b0482eabdb4a225

    SHA256

    69056cc71db03210d86d90698edf7588633ff573c8992f4f1c27fe8aec5ef601

    SHA512

    7fafb2a34a3be701e7419678124667e91f8789268387609d939e9c6e7b2ca3f0c139b1917eccf5e2fe020642402c86533b9e8b50dbf3b0786eaa94f7d890a4a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\btnd.png
    Filesize

    2KB

    MD5

    721d46b588dcb1f140693a56b7954e38

    SHA1

    939755d89e3403b4e8460400b5fd95df13ca8f02

    SHA256

    31391f6418ba2de8f0a17a2d13adcaa8ea3920df8e44ecec5eb51e96abc2ae9e

    SHA512

    1e0da1a78cd2ade8cf1e31c54a0a448a514fae99fd8095fce410b8a38cc03726b1eff6cf8ff829969fcbfed76ec2f4d39cfd134528569c3c99249e6b749316c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\btnh.png
    Filesize

    2KB

    MD5

    23b2c40f0c7de0232d3c9460ef23bb76

    SHA1

    1d1bea0509538817d98492e772e21bf9b10e882f

    SHA256

    522e390be1f4ef4e28f130f083f6e7240ed82f9814c898235033bcfea3be2918

    SHA512

    7e2498db4917289f8329ee3f4a3d8427edcee9ebe1d6caa57b139ca8c00d912a091b433fce3efcdeed49551e5eefe99dee641b7113d4af2df55fe054b509ec0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\btnn.png
    Filesize

    2KB

    MD5

    e19853308832835b2daac1df79f14a20

    SHA1

    9e7548f69d2e112bfd1f25f279cb05c95c3044d4

    SHA256

    e2753ec65103af5cb736599cf294458e985c4b2bf743c1250221b893c715492e

    SHA512

    4d0f70a6a52abe5f6a1eb424b29af855187496402ef61dd4348b016943b7c16d4655256fa568e48fcd62b86a7942b70c63c4a93b94145f4b83a799eb3b8d01f4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\btnn01.png
    Filesize

    1KB

    MD5

    6d112bd8f2385dbb95469e7390602146

    SHA1

    2ab7f1d717e38aa6c54f194e522f3a554a51f8e9

    SHA256

    fbc39f04d2cb94d6dcc6dcad4179d90b28cfeae88a35537fc353c6361645dbce

    SHA512

    0e9693506ca8695e7d8770900fcd6edc397486a93dfc41d1a8a80b223b9f20df9de6ca32840cd90e1bd8972b77709d0b104720fc43b6196df37016338dab7b7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\btnp.png
    Filesize

    2KB

    MD5

    d22437fff1b15f22fbfde77efc010608

    SHA1

    3edac17a09ea4283f084a7c00d587b273d52437a

    SHA256

    51c48b41207f19890e2271336b07156aba1fb616e6c508006bf50e1b01bc7387

    SHA512

    4430d54fe7165cee972c115fc3fc128225348957951386b976baf44bb0c4f7918cfc0ae7ffb845ed917288fb9ecb679a945b4da8c9b185ca2db931910233777a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\checkc.png
    Filesize

    3KB

    MD5

    3b33bbc9ffcbc30f1c8b85db2934620e

    SHA1

    aaec3abe3ce7f8cd10c263bfca89c15ca0bf8291

    SHA256

    7863b894446dc6f39fa7d445390e5ee11a6f53cb790b21392a10c0bfca654a59

    SHA512

    340ed7f371a31df998729c3cc271e15b8e0bc7e32b1f39172bfc78f5a82a6e3b2411624a8f8da345b5103cd09a3fca20cb4bcc1a4961ee4d040ceb85c1872df5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\checku.png
    Filesize

    2KB

    MD5

    df829ee050c16c190ee232c9cb60a27c

    SHA1

    5436d64b239fc5d669706d7e210c4c744156eb43

    SHA256

    0bedb4bf1fa41862b9a1f3f369244f33e1cbdebe1ebe7ecdea36dba18e07c550

    SHA512

    ac92efcce24bfbdcc7d8b1cdaae562f48b7a50fcc93580f9cb34aef9f4cdfa0ca1dc4290c1823b49f52f54e04c09c885f78fa4fcd362e087c1fbc20d9bcc21e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\close0.png
    Filesize

    1012B

    MD5

    22c79142115abf11fc70ca6338d8c613

    SHA1

    20f64bbff02d9dc00656935127f7897ccc82d14d

    SHA256

    6c1e2777fd8a86bf568cf9c2bc8923464507b5dbd9c3e3e39b8ca065523a33df

    SHA512

    5fac50e63d2b1ab0b5c2129cb0f8022eb68f7143937010622c8df008abd0b9d9d666de06ca13ec7ba9276ff7555910a75276534e65b6914edf182fc424358d53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\directory.ini
    Filesize

    7KB

    MD5

    a28eca6c4530a796f744c5b927518b49

    SHA1

    c7f4ab2ec99937c6d2bbebe25a048edf4915851f

    SHA256

    437a42366cf440b0ea8fb5f7e00b4b7fd7d773c6800ab5362ed8d0979447b61c

    SHA512

    dca2fc3d9cf80cd1a1984aa2d81c5d4ff2f59b67035d8d149e36496c8c8dcfbd31156631f281c42de1873511af8652c66a808dbb182c447ab7ce11d6384cc6ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\main.ini
    Filesize

    4KB

    MD5

    fabfdafd82626b6cf357d3bd16632a2d

    SHA1

    fa3d0340aa64d3909341c1efecd2ed9cdefca376

    SHA256

    8adc7c3b7677f319c7006afa4dce3f5d0400cd9035179d0fd5ab334396663225

    SHA512

    85c64ff4d7703fd5db7ea5b7e5648f3faf63110ec358ea998ae6184fc7552b2146018626f4432275d55086d8291cec105983fd928e094452a2a6b4fdd5dda397

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1778.tmp\KuWoRes\minimize0.png
    Filesize

    944B

    MD5

    ebd1027b58e361557868c155315dc724

    SHA1

    e5ce3b3f851016d90e83b9c6b9fa2ed0ffce1fa9

    SHA256

    3e38efcc2980c697753d7c1762b327073b5f4a4d85205dc7dcb44784907650c3

    SHA512

    249fb02ab630254f14246d529afdb0e1c4da26b016575f6474969b2e7ac50067aae75c390fb3692bed2b8daa457c6747a48854be18149c4636d063565ded0bab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1778.tmp\KWGameBox.dll
    Filesize

    183KB

    MD5

    8e0735b36577544675bd2508e9c4b62f

    SHA1

    17da8421f07cefb3ea39e90f499a62fe6925cab2

    SHA256

    271fe57637b2bee081bdedafe01c8030ccceecd727b6f0495c71f575a00da939

    SHA512

    aae985be67fa9521b79c3efc6841d7de9cdc018e80eac61771ce34181975a992944249b03366b79614b13ff77a760679d918193b15263d0846d2412564e9223d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1778.tmp\KillProcDLL.dll
    Filesize

    4KB

    MD5

    99f345cf51b6c3c317d20a81acb11012

    SHA1

    b3d0355f527c536ea14a8ff51741c8739d66f727

    SHA256

    c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    SHA512

    937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1778.tmp\System.dll
    Filesize

    10KB

    MD5

    0ae9c427fe7bbbbf1368c1c6d3933ae7

    SHA1

    c8e5131613302531c88512dada29a18886259268

    SHA256

    49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a

    SHA512

    59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1778.tmp\nsDialogs.dll
    Filesize

    8KB

    MD5

    ea9831bdfaa5639bf54de71c6b2d828f

    SHA1

    2e54592709bdc071d67fbf798681daf58f748e28

    SHA256

    790a2137bef55443c1b11526cd76110a9d9a352956356b4b254a37ec4d252bbc

    SHA512

    1adcfcd3fad5e3280175362e9ce8197f7c9a59c5cf9ecd2b526f077eccb623c58e1639c0c520e380944e6913db5b8d23936d5cf76932c6475c1533e4506a9876

    Download Submit

  • memory/1424-14-0x0000000000510000-0x0000000000513000-memory.dmp

    Filesize

    12KB

    Download