Overview

overview

4

Static

static

3

319bdb3c6c...a0.exe

windows7-x64

4

319bdb3c6c...a0.exe

windows10-2004-x64

4

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    319bdb3c6ccb3d7982f122fccd64d56573a5ac4a155b5d3f3860068a8dff4aa0.exe

  • Size

    109KB

  • MD5

    6b96ad9bb31cca0606a570cb8d713542

  • SHA1

    187825b5d7e87ed14fe0ffdbc71b9bc3c81775e3

  • SHA256

    319bdb3c6ccb3d7982f122fccd64d56573a5ac4a155b5d3f3860068a8dff4aa0

  • SHA512

    56611c417ab9917020b4a3cf83be229bf71ef6601b53f49d3bd21e99f4a1c372ea3b087d29a9ba66eaf4c3373c840ea6fbe40ea6b0af8f72f49e1c96c0673043

  • SSDEEP

    3072:FXK9qKo9bH1rumI4sgF00IsMHOMELaelyEUsF5i2:FXFKo5eXQffUsj/

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\319bdb3c6ccb3d7982f122fccd64d56573a5ac4a155b5d3f3860068a8dff4aa0.exe
    "C:\Users\Admin\AppData\Local\Temp\319bdb3c6ccb3d7982f122fccd64d56573a5ac4a155b5d3f3860068a8dff4aa0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3952
    • C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsc4C7B.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    1d8f01a83ddd259bc339902c1d33c8f1

    SHA1

    9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

    SHA256

    4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

    SHA512

    28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
    Filesize

    109KB

    MD5

    6b96ad9bb31cca0606a570cb8d713542

    SHA1

    187825b5d7e87ed14fe0ffdbc71b9bc3c81775e3

    SHA256

    319bdb3c6ccb3d7982f122fccd64d56573a5ac4a155b5d3f3860068a8dff4aa0

    SHA512

    56611c417ab9917020b4a3cf83be229bf71ef6601b53f49d3bd21e99f4a1c372ea3b087d29a9ba66eaf4c3373c840ea6fbe40ea6b0af8f72f49e1c96c0673043

    Download Submit