Overview

overview

7

Static

static

3

6dfb490d34...18.exe

windows7-x64

7

6dfb490d34...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

Help.chm

windows7-x64

1

Help.chm

windows10-2004-x64

1

Right Clic...er.exe

windows7-x64

1

Right Clic...er.exe

windows10-2004-x64

1

Tools/File...or.exe

windows7-x64

1

Tools/File...or.exe

windows10-2004-x64

1

Tools/File...lp.chm

windows7-x64

1

Tools/File...lp.chm

windows10-2004-x64

1

Tools/New ...lp.chm

windows7-x64

1

Tools/New ...lp.chm

windows10-2004-x64

1

Tools/New ...or.exe

windows7-x64

1

Tools/New ...or.exe

windows10-2004-x64

1

Tools/Righ...lp.chm

windows7-x64

1

Tools/Righ...lp.chm

windows10-2004-x64

1

Tools/Righ...IE.exe

windows7-x64

1

Tools/Righ...IE.exe

windows10-2004-x64

1

Tools/Righ...lp.chm

windows7-x64

1

Tools/Righ...lp.chm

windows10-2004-x64

1

Tools/Righ...er.exe

windows7-x64

1

Tools/Righ...er.exe

windows10-2004-x64

1

Tools/Righ...32.dll

windows7-x64

1

Tools/Righ...32.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tools/Right Click Editor IE/Right Click Editor IE.exe

  • Size

    1.1MB

  • MD5

    290fe9e93925f973e50465bd696b60d1

  • SHA1

    765cd260fce3464e8ff95a9342ad0bcd54158d46

  • SHA256

    73c64885a3800984ce85f0a60133bd38461ac6753a453fd62b9f562dc7975b1d

  • SHA512

    f8ffc1d1f0a5edbe8449dd62b3c7145aa150cf47c2ac93d01475c81ad3454af88f64b3334b18e28acada17b492c8053867d527dd66d782e5eb2d6bd336c890bc

  • SSDEEP

    12288:cGrXG4VF/ET0cbiiUz/bKmB2w0jecD33ybZH4puTDgn+XULR:9i4V9Jc+iObKmBgeSAZH4puTDgn+ULR

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tools\Right Click Editor IE\Right Click Editor IE.exe
    "C:\Users\Admin\AppData\Local\Temp\Tools\Right Click Editor IE\Right Click Editor IE.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bff51bcq\bff51bcq.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5104
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4DC2.tmp" "c:\Users\Admin\AppData\Local\Temp\bff51bcq\CSCAA29EDB27654417FB8DA9CFACE2D61.TMP"
        3⤵
          PID:864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\crashreporter.net.dll
      Filesize

      209KB

      MD5

      8ea85ddcf9567d94eb810cceade3e283

      SHA1

      816caab6ad5f3d458ad647bf57ba78613670a309

      SHA256

      d741c0db01ac303882ce522fcdb18bcb97c7fd7d07c5e85502cd135912a42d9d

      SHA512

      8753af9dfba71e65b29414a3da17e677aa8cfe04a6e7fe179e7bae8c2233a8e34af992385e8a63d3d126d219f22035dadbf09ed3a1b5e79e87c4cd326932691a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\helperfunctions.dll
      Filesize

      26KB

      MD5

      bff23d834ece5591a51d0019e7134f5e

      SHA1

      a77f17537c4dcf9fd42a5efb7a4e92349368fa35

      SHA256

      a1edec95452f32ea1149b0f0c4d8ec16bd9affde1c448c06efa8af179d00715f

      SHA512

      1d1ca50d272596da767383b9637b6297522bb03ac3928c6d73c99f753044c0720c0dadb9f3610b450dd54a0b7768e9255b3379621a588a3ff3e5d23941240d04

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\nlocalizer.dll
      Filesize

      44KB

      MD5

      4810d5c121e9ed033df89387f7ce9f50

      SHA1

      7b08ac2b56fd6355d2c7934bac863a0cd39d95f2

      SHA256

      edf332d48066b8b2eb852b8b8d899ee73cc48c82e87a235a3b7ca73fcbdae220

      SHA512

      608b8343b685876a3f0d78727ed0f1c581faac9f9a3c648e9f4c45dd9b80f1d6810600c23787fcd82761f2f937615b0cca121b35920d4e9a2c9b38a2861c881f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Costura\FEECB8783120788D8CC5C5AD6A72E859\objectlistview.dll
      Filesize

      434KB

      MD5

      b490bb6c6bbb4af7c43c15071c0e5034

      SHA1

      828a03191d6df0d17975007f6bef8c56e371069d

      SHA256

      0b94b3824761723400dc0357e7d490085a5ccf3415e332155c5b8d6c7bfb8788

      SHA512

      27c60b0c7e85d22249332aeaf5fe1f0d6083e8f68cc461e4e97e3a394e108601378fd2bc7ec39c1fc2dc8338db87f5555511337e95921d63ab9ff7d5d18056a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\RES4DC2.tmp
      Filesize

      1KB

      MD5

      f71d97be14e0409af31fb68266aa0fa7

      SHA1

      8adccab3614cb53b146f516ca943d2ce9196070e

      SHA256

      09c1ae6c88a1a3b893246807e71e5b85500991e6752933541c5ac4fb8a9cddd6

      SHA512

      1e6f49633839b3dd7fdfa39147ad9d497499f5007e71061f781a6c96c892b23e018fd3ad6df1a486ba8dceb70a3db0544ac36b692172401aa18a1c1b2fe82cef

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\bff51bcq\bff51bcq.dll
      Filesize

      12KB

      MD5

      d058914a3149b4ce090e4f17f6f29aef

      SHA1

      58491928506fc32f228ae59c93258cf3697b7b40

      SHA256

      912ebb4369d42d83f7996231f475f1d4298243f7c752c0015d93458a8224c294

      SHA512

      71dc9f2c368faad838acac6527418242be321f3198be7dfa8c22ef23d9fc23370d1b4bcf9f47fe5361671362d7d827fd663ab14212fff52c68fb835113558e8f

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\bff51bcq\CSCAA29EDB27654417FB8DA9CFACE2D61.TMP
      Filesize

      652B

      MD5

      55694c43ff4b5e593441fbdf1734c49f

      SHA1

      485ae7be181ad47cc3b90110f0358190c0ae19d9

      SHA256

      14253a081d229f34135ae8687106162f0ffc758088e954c797e99a062816b6db

      SHA512

      e81843667c8425587b181415c5ff26565362e9b7a9398770f811a76bcbea66b3ac66e8c5cd5aa5421c663af7c0deb89349d95d1cbb0841e2bbe8ddd6a3167d72

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\bff51bcq\bff51bcq.0.cs
      Filesize

      23KB

      MD5

      13e7468492ea8916b8e55b051e41a5c9

      SHA1

      e00ea086ea82beac7790048aa521884c68576f02

      SHA256

      9d32585a35eabd51a6a0f68edd8472b3f1599961f5f1929aeb041e0b24764f19

      SHA512

      273327aced9f3b397abee313ebf0ef6570dac2ca9c02d59ca658fa8be7177c9f6ee2497f831af9cfd38805ed98337f790895a024efa92df3faca69b55419ea4d

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\bff51bcq\bff51bcq.cmdline
      Filesize

      1KB

      MD5

      fd82563379d1f747ede4df7b82e76ecc

      SHA1

      877da88250571286ea0efd04c410641078f197f7

      SHA256

      476b7ad4b6d060ed6d98d51169bcf88f2c35176832a56560babd08f90583378f

      SHA512

      3752843ae166d0056fa394a7b83a3097fe0d6da9f1c1d7dcb40f320032cea59753efae893ef03eced095f4940086b000b169faa694fa04a0ee835dfee677bddb

      Download Submit

    • memory/4224-18-0x00000000022D0000-0x00000000022DE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4224-22-0x000000001B2A0000-0x000000001B314000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4224-31-0x00007FFE30350000-0x00007FFE30E11000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4224-28-0x000000001DAE0000-0x000000001DAF2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4224-26-0x00007FFE30350000-0x00007FFE30E11000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4224-25-0x00007FFE30350000-0x00007FFE30E11000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4224-1-0x00000000000A0000-0x00000000001B8000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4224-14-0x000000001B0E0000-0x000000001B11A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/4224-48-0x000000001B290000-0x000000001B29A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4224-0-0x00007FFE30353000-0x00007FFE30355000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4224-50-0x000000001B4A0000-0x000000001B649000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/4224-52-0x00007FFE30353000-0x00007FFE30355000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4224-53-0x00007FFE30350000-0x00007FFE30E11000-memory.dmp

      Filesize

      10.8MB

      Download