Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 02:19

General

  • Target

    5ea92cd1af34a0faf1293afa648e3e1e610d89deaf663b4a75a38fbf03ba99dc.exe

  • Size

    2.8MB

  • MD5

    947a675e4e4f84e6eff78ce0e38c49d4

  • SHA1

    bed973f3e5111c5061a5d77ca142ab456c3afde3

  • SHA256

    5ea92cd1af34a0faf1293afa648e3e1e610d89deaf663b4a75a38fbf03ba99dc

  • SHA512

    c02de2627256abe1065ec6391a464e2aebc85c38777c3b1a85e778573b769e703bfa736f0bb3a311ed47a5eaafc8be399fd5c3ccdd8065f1d2e6345b3ebed049

  • SSDEEP

    49152:UL6oFh9kV1s8ohLikBcjQqzZjwdWdpsenkgt3cpfvl43mTfU6vZma0MK2E:ULjFPs1s8SLvCQq90dCP3qO3b6vP04E

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ea92cd1af34a0faf1293afa648e3e1e610d89deaf663b4a75a38fbf03ba99dc.exe
    "C:\Users\Admin\AppData\Local\Temp\5ea92cd1af34a0faf1293afa648e3e1e610d89deaf663b4a75a38fbf03ba99dc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4284
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:1916
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3928 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2708

Network

MITRE ATT&CK Matrix ATT&CK v13


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst277A.tmp\SetupPlugin.dll

    Filesize
    4.5MB

    MD5
    f4ce541995d3590defce492118201c8b

    SHA1
    ea47147a60e43fe52255fa1bc94175569759e14b

    SHA256
    dde544dbdaf387112876e1c07b2f28bf63414b79a99e5874cbef354ebd38c8a9

    SHA512
    6b07de0f1536643b6df443f82e4d89182e85ecc6d22b624a0b3e8a5552afc25bd76bdb94cd6e98206c906cb2bd875bd456a84a9d87a13b506d92530666b84299

  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

    Filesize
    2.8MB

    MD5
    947a675e4e4f84e6eff78ce0e38c49d4

    SHA1
    bed973f3e5111c5061a5d77ca142ab456c3afde3

    SHA256
    5ea92cd1af34a0faf1293afa648e3e1e610d89deaf663b4a75a38fbf03ba99dc

    SHA512
    c02de2627256abe1065ec6391a464e2aebc85c38777c3b1a85e778573b769e703bfa736f0bb3a311ed47a5eaafc8be399fd5c3ccdd8065f1d2e6345b3ebed049
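Read together, the Processes tree and the Downloads section show the standard NSIS uninstaller sequence: the sample copies itself to `%TEMP%\~nsuA.tmp\Un_A.exe` (same SHA256 as the submitted file), relaunches that copy with `_?=<install dir>` so the original can delete itself, and the copy then loads a plugin DLL from a fresh `%TEMP%\ns....tmp` directory ($PLUGINSDIR). That sequence is what trips the generic "Executes dropped EXE" and "Loads dropped DLL" signatures. The Python below is an added triage check, not part of the report or of the sandbox's tooling; the `Proc` record layout is an assumption for this example, and the in-line process and hash data are constructed from the report above.

```python
"""Added triage check: recognise the NSIS uninstaller self-relaunch pattern
in a sandbox process tree and tie it to the dropped-file hashes.

The Proc layout and the in-line data are constructed from the report above;
they are assumptions for this example, not the sandbox's export format.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None when the parent is outside the captured tree
    image: str
    cmdline: str


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_SHA256 = "5ea92cd1af34a0faf1293afa648e3e1e610d89deaf663b4a75a38fbf03ba99dc"

# Process tree from the report (the Edge utility process is unrelated noise).
PROCESSES = [
    Proc(4284, None, f"{TEMP}\\{SAMPLE_SHA256}.exe", f'"{TEMP}\\{SAMPLE_SHA256}.exe"'),
    Proc(1916, 4284, f"{TEMP}\\~nsuA.tmp\\Un_A.exe",
         f'"{TEMP}\\~nsuA.tmp\\Un_A.exe" _?={TEMP}\\'),
    Proc(2708, None, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
         r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility'),
]

# Downloads section: dropped path -> SHA256.
DROPPED_SHA256 = {
    f"{TEMP}\\~nsuA.tmp\\Un_A.exe": SAMPLE_SHA256,
    f"{TEMP}\\nst277A.tmp\\SetupPlugin.dll":
        "dde544dbdaf387112876e1c07b2f28bf63414b79a99e5874cbef354ebd38c8a9",
}

# NSIS uninstallers copy themselves to %TEMP%\~nsu<X>.tmp\Un_<X>.exe and
# re-run the copy with _?=<install dir> so the original can delete itself.
UNINST_COPY = re.compile(r"\\~nsu[A-Za-z0-9]\.tmp\\Un_[A-Za-z0-9]\.exe$", re.I)
# NSIS passes the _?= path unquoted and it may contain spaces: take the rest of the line.
INSTDIR_ARG = re.compile(r"\s_\?=(?P<dir>.+)$")
# $PLUGINSDIR is a fresh %TEMP%\ns<rand>.tmp directory; DLLs loaded from it are NSIS plugins.
PLUGIN_DLL = re.compile(r"\\ns[A-Za-z0-9]{3,6}\.tmp\\[^\\]+\.dll$", re.I)


def find_nsis_uninstall_relaunch(procs, dropped_sha256, submitted_sha256):
    """Return one finding per process that is an NSIS uninstaller self-copy."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if not UNINST_COPY.search(p.image):
            continue
        m = INSTDIR_ARG.search(p.cmdline)
        parent = by_pid.get(p.ppid)
        findings.append({
            "pid": p.pid,
            "parent_pid": p.ppid,
            "parent_image": parent.image if parent else None,
            "install_dir": m.group("dir").strip() if m else None,
            # Byte-identical to the submitted sample means the copy was not
            # patched on disk; it says nothing about what the copy does next.
            "copy_is_byte_identical": dropped_sha256.get(p.image) == submitted_sha256,
        })
    return findings


def nsis_plugin_dlls(dropped_sha256):
    """Dropped DLLs that live in an NSIS $PLUGINSDIR; these are the hashes to pivot on."""
    return sorted(path for path in dropped_sha256 if PLUGIN_DLL.search(path))


def explain_signatures(procs, dropped_sha256, submitted_sha256):
    """Map the report's generic signatures to the NSIS behaviour that accounts for them."""
    relaunch = find_nsis_uninstall_relaunch(procs, dropped_sha256, submitted_sha256)
    plugins = nsis_plugin_dlls(dropped_sha256)
    return {
        "Executes dropped EXE": ("NSIS uninstaller self-copy re-launched with _?="
                                 if any(f["copy_is_byte_identical"] for f in relaunch) else None),
        "Loads dropped DLL": (f"NSIS plugin(s) from $PLUGINSDIR: {plugins}" if plugins else None),
    }


if __name__ == "__main__":
    for sig, why in explain_signatures(PROCESSES, DROPPED_SHA256, SAMPLE_SHA256).items():
        print(f"{sig}: {why or 'unexplained'}")
```

The check only lowers the weight of the two "dropped" signatures; it does not clear the sample. Every NSIS uninstaller produces this tree, so the artifact that actually distinguishes this one is `SetupPlugin.dll` (4.5MB, larger than the 2.8MB sample it was unpacked from, and not a name from the stock NSIS plugin set), and its SHA256 from the Downloads section is what to pivot on in other reports.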