Overview
overview
8Static
static
3netmarble_...43.exe
windows7-x64
7netmarble_...43.exe
windows10-2004-x64
8$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3General
-
Target
netmarble_7dsgb_A_installer_80943.exe
-
Size
241KB
-
Sample
240523-a2fw5sfc72
-
MD5
225a61fe34aa8cc9aa114510cd80e24a
-
SHA1
5c70d05b61a7c1912933f0ebb4f3efaa1482f496
-
SHA256
182986e90e0444d5c1716b87ffafe0e7991343ee7696d3f3d404c12fff15b7ca
-
SHA512
734f03656ad3f80313a02d51ba34840bd7e794974b3d48c4fa3e949d8d48a9f0a4a4aae1e65b07a9bbba0e9cc4a51b1b74af09659029d543c4610b51cf2e3f2a
-
SSDEEP
3072:dbG7N2kDTHUpouAw9aXCvLIaSQmjWAKp3dIcW4PdWlr2tvhOEA1RJCir86SrSrvh:dbE/HU4aaXCTp8ImcpFe2t0EyL+hc
Static task
static1
Behavioral task
behavioral1
Sample
netmarble_7dsgb_A_installer_80943.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
netmarble_7dsgb_A_installer_80943.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
netmarble_7dsgb_A_installer_80943.exe
-
Size
241KB
-
MD5
225a61fe34aa8cc9aa114510cd80e24a
-
SHA1
5c70d05b61a7c1912933f0ebb4f3efaa1482f496
-
SHA256
182986e90e0444d5c1716b87ffafe0e7991343ee7696d3f3d404c12fff15b7ca
-
SHA512
734f03656ad3f80313a02d51ba34840bd7e794974b3d48c4fa3e949d8d48a9f0a4a4aae1e65b07a9bbba0e9cc4a51b1b74af09659029d543c4610b51cf2e3f2a
-
SSDEEP
3072:dbG7N2kDTHUpouAw9aXCvLIaSQmjWAKp3dIcW4PdWlr2tvhOEA1RJCir86SrSrvh:dbE/HU4aaXCTp8ImcpFe2t0EyL+hc
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/INetC.dll
-
Size
25KB
-
MD5
40d7eca32b2f4d29db98715dd45bfac5
-
SHA1
124df3f617f562e46095776454e1c0c7bb791cc7
-
SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
-
SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
SSDEEP
384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E
Score3/10 -
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
675c4948e1efc929edcabfe67148eddd
-
SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
-
SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
-
SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
SSDEEP
96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
Score3/10 -
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1