Overview

overview

8

Static

static

3

3737e4e4ff...04.exe

windows7-x64

7

3737e4e4ff...04.exe

windows10-2004-x64

8

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3737e4e4ffbcc654013a2d52e25fb67092b36c5b80fb9b7e3a1b12ae0560d604.exe

  • Size

    238KB

  • MD5

    8ceb54209abb88fbc1c17fcb1035fb49

  • SHA1

    f255dbe63698aa8d1dbfca2da9a794bf42556312

  • SHA256

    3737e4e4ffbcc654013a2d52e25fb67092b36c5b80fb9b7e3a1b12ae0560d604

  • SHA512

    bacef4eeb7c43bd51daad9d4378f0e0109c58e23cccb305e4625c35706278ded1bff63d255a16315a480e4c36f0d0528fddce53f2bc718fbc83bdb19c1abf6b4

  • SSDEEP

    3072:rdwWsF1XDWLAlcqva7fvYnS4OVzX+nb2O1TJ4TVok7/y:rPs/7y7qAzOnbTJ4TVR7/y

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3737e4e4ffbcc654013a2d52e25fb67092b36c5b80fb9b7e3a1b12ae0560d604.exe
    "C:\Users\Admin\AppData\Local\Temp\3737e4e4ffbcc654013a2d52e25fb67092b36c5b80fb9b7e3a1b12ae0560d604.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd1FA3.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    faa7f034b38e729a983965c04cc70fc1

    SHA1

    df8bda55b498976ea47d25d8a77539b049dab55e

    SHA256

    579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

    SHA512

    7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd1FA3.tmp\INetC.dll
    Filesize

    21KB

    MD5

    92ec4dd8c0ddd8c4305ae1684ab65fb0

    SHA1

    d850013d582a62e502942f0dd282cc0c29c4310e

    SHA256

    5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

    SHA512

    581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd1FA3.tmp\blowfish.dll
    Filesize

    22KB

    MD5

    5afd4a9b7e69e7c6e312b2ce4040394a

    SHA1

    fbd07adb3f02f866dc3a327a86b0f319d4a94502

    SHA256

    053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae

    SHA512

    f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

    Download Submit