Overview

overview

7

Static

static

3

6dfb490d34...18.exe

windows7-x64

7

6dfb490d34...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

Help.chm

windows7-x64

1

Help.chm

windows10-2004-x64

1

Right Clic...er.exe

windows7-x64

1

Right Clic...er.exe

windows10-2004-x64

1

Tools/File...or.exe

windows7-x64

1

Tools/File...or.exe

windows10-2004-x64

1

Tools/File...lp.chm

windows7-x64

1

Tools/File...lp.chm

windows10-2004-x64

1

Tools/New ...lp.chm

windows7-x64

1

Tools/New ...lp.chm

windows10-2004-x64

1

Tools/New ...or.exe

windows7-x64

1

Tools/New ...or.exe

windows10-2004-x64

1

Tools/Righ...lp.chm

windows7-x64

1

Tools/Righ...lp.chm

windows10-2004-x64

1

Tools/Righ...IE.exe

windows7-x64

1

Tools/Righ...IE.exe

windows10-2004-x64

1

Tools/Righ...lp.chm

windows7-x64

1

Tools/Righ...lp.chm

windows10-2004-x64

1

Tools/Righ...er.exe

windows7-x64

1

Tools/Righ...er.exe

windows10-2004-x64

1

Tools/Righ...32.dll

windows7-x64

1

Tools/Righ...32.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tools/File Types Editor/File Types Editor.exe

  • Size

    1.1MB

  • MD5

    9e9c42d75c0e30dd878ea8f232e559db

  • SHA1

    5083b9d004012a941542f0f86d67bd55efcceeea

  • SHA256

    42251a6f96751ec73c19138b735d1c9814c20dab977fe85d98a6b0bab80f907b

  • SHA512

    941b4ab8a156a1a27ecc3bfbfe24023d08218280485a7209c014f7b38e17d63cc5dc2ac0103920592bad3c3ae90f8179c62e47d52ccad606dcbf6cd03dc0304e

  • SSDEEP

    24576:8EHJDR4V9Jc+iObKmBgeSAZH4puTDgn+UVV:8EHJDR4VfH4puTDg/

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tools\File Types Editor\File Types Editor.exe
    "C:\Users\Admin\AppData\Local\Temp\Tools\File Types Editor\File Types Editor.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d0x4bl4o\d0x4bl4o.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5068
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4110.tmp" "c:\Users\Admin\AppData\Local\Temp\d0x4bl4o\CSC35898C5A2B6C4B0E948DA63B4EB4BC3.TMP"
        3⤵
          PID:64

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\crashreporter.net.dll
      Filesize

      209KB

      MD5

      8ea85ddcf9567d94eb810cceade3e283

      SHA1

      816caab6ad5f3d458ad647bf57ba78613670a309

      SHA256

      d741c0db01ac303882ce522fcdb18bcb97c7fd7d07c5e85502cd135912a42d9d

      SHA512

      8753af9dfba71e65b29414a3da17e677aa8cfe04a6e7fe179e7bae8c2233a8e34af992385e8a63d3d126d219f22035dadbf09ed3a1b5e79e87c4cd326932691a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\helperfunctions.dll
      Filesize

      26KB

      MD5

      bff23d834ece5591a51d0019e7134f5e

      SHA1

      a77f17537c4dcf9fd42a5efb7a4e92349368fa35

      SHA256

      a1edec95452f32ea1149b0f0c4d8ec16bd9affde1c448c06efa8af179d00715f

      SHA512

      1d1ca50d272596da767383b9637b6297522bb03ac3928c6d73c99f753044c0720c0dadb9f3610b450dd54a0b7768e9255b3379621a588a3ff3e5d23941240d04

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\nlocalizer.dll
      Filesize

      44KB

      MD5

      4810d5c121e9ed033df89387f7ce9f50

      SHA1

      7b08ac2b56fd6355d2c7934bac863a0cd39d95f2

      SHA256

      edf332d48066b8b2eb852b8b8d899ee73cc48c82e87a235a3b7ca73fcbdae220

      SHA512

      608b8343b685876a3f0d78727ed0f1c581faac9f9a3c648e9f4c45dd9b80f1d6810600c23787fcd82761f2f937615b0cca121b35920d4e9a2c9b38a2861c881f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\objectlistview.dll
      Filesize

      434KB

      MD5

      b490bb6c6bbb4af7c43c15071c0e5034

      SHA1

      828a03191d6df0d17975007f6bef8c56e371069d

      SHA256

      0b94b3824761723400dc0357e7d490085a5ccf3415e332155c5b8d6c7bfb8788

      SHA512

      27c60b0c7e85d22249332aeaf5fe1f0d6083e8f68cc461e4e97e3a394e108601378fd2bc7ec39c1fc2dc8338db87f5555511337e95921d63ab9ff7d5d18056a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\RES4110.tmp
      Filesize

      1KB

      MD5

      72837513a7d1b39c777f9b037f5408db

      SHA1

      33521d3ebf278412ae666658c37b51f969687ac0

      SHA256

      bc915c15b3c8ce1371fb5bf4766cfc52bdea7576178dcf7f1460dd1f6621fc99

      SHA512

      258309dcb4ef328fdcf1df116bb23f97a2f068865211d2042ba8737d6daa63fd206964faacb44b19125c2231913e53349dcaf57fabe6422e63baa36bc3d1a7dd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d0x4bl4o\d0x4bl4o.dll
      Filesize

      20KB

      MD5

      5fa8480b2394c030f21a2a03636b30df

      SHA1

      ce783690f55e3ffa661782b011b4f5ee37b56592

      SHA256

      ed90479d89e7d6aae2e4c26fce9b095d271ab100cd436701668f9b227567412d

      SHA512

      d06299a16d1a90f49e2e1472d615ddf24e520bebf1c9ccbfd157d9342372c0ca09d260b8a4df7f6188040575a865d3875bf4d1bf66c4caba04e0cd2f29d8e398

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\d0x4bl4o\CSC35898C5A2B6C4B0E948DA63B4EB4BC3.TMP
      Filesize

      652B

      MD5

      a3f07bab50789041c0ed6962582579db

      SHA1

      774ce2ee97b10c6014d903343917010a2a2ba642

      SHA256

      26951125927cdac78553c7f79d5bdad10822272c100fb3602a9eaa51e7f0f9ad

      SHA512

      6c4acb2d2f8350bc79f5f0dc5145943efeed8d4e6301df8e8fcc6a4c9d9ce22379a8966792c4f82a3731ec03750d5a0a11e58d1d1e418407d8947dc15eb0bfb7

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\d0x4bl4o\d0x4bl4o.0.cs
      Filesize

      39KB

      MD5

      987839477c1efeca2a82731de32c41ee

      SHA1

      d0097ff99bd56b44e3335e036b2ffe417d0bd9fa

      SHA256

      04f14368365f3ee4fbee6d1398ef6e8610dd39c067d43919041c7a104476232c

      SHA512

      4ce1361ee93ed817c4106bf001c35a082ba12ee9861dd48744e0d77f13a966672d986a07600c9a06c4f45a1f8761114430cfca304474f5823d13e749c89e43f6

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\d0x4bl4o\d0x4bl4o.cmdline
      Filesize

      1KB

      MD5

      798f701c9b1195a4eab3f9af14e9a02d

      SHA1

      355776e3181ab0b18bf0b17f181166d9b23ea5ad

      SHA256

      89db4a28d8f32ad027deec795ec1160261fc1f4571563e9c44c38185abf52f86

      SHA512

      ff7565b0438dbdb40a463224de3bf94b7d52b9fea7d2bd56da320ce67a748fb6d98d6901c1c82bc93a3f137a9f5d3af059a48617ccd2d455fa59d70f0eb3ada0

      Download Submit

    • memory/2520-27-0x00007FF974AC0000-0x00007FF975581000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2520-18-0x000000001B0A0000-0x000000001B0AE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2520-29-0x000000001DDC0000-0x000000001DDD2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2520-26-0x00007FF974AC0000-0x00007FF975581000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2520-25-0x00007FF974AC0000-0x00007FF975581000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2520-22-0x000000001B5A0000-0x000000001B614000-memory.dmp

      Filesize

      464KB

      Download

    • memory/2520-48-0x000000001B6B0000-0x000000001B6BC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2520-1-0x00007FF974AC3000-0x00007FF974AC5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2520-14-0x000000001B3E0000-0x000000001B41A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2520-0-0x0000000000380000-0x000000000049E000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2520-50-0x00007FF974AC0000-0x00007FF975581000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2520-51-0x000000001B7C0000-0x000000001B969000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2520-52-0x00007FF974AC3000-0x00007FF974AC5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2520-53-0x00007FF974AC0000-0x00007FF975581000-memory.dmp

      Filesize

      10.8MB

      Download