Overview

overview

7

Static

static

7

PowerISO-7....5.exe

windows7-x64

7

PowerISO-7....5.exe

windows10-2004-x64

7

$PLUGINSDIR/Aero.dll

windows7-x64

7

$PLUGINSDIR/Aero.dll

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$TEMP/Powe...eg.exe

windows7-x64

7

$TEMP/Powe...eg.exe

windows10-2004-x64

7

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...gp.dll

windows7-x64

3

$PLUGINSDI...gp.dll

windows10-2004-x64

3

$R0.exe

windows7-x64

1

$R0.exe

windows10-2004-x64

1

devcon.exe

windows7-x64

1

devcon.exe

windows10-2004-x64

1

piso.exe

windows7-x64

1

piso.exe

windows10-2004-x64

1

setup64.exe

windows7-x64

1

setup64.exe

windows10-2004-x64

1

$TEMP/temp/packeg.exe

windows7-x64

1

$TEMP/temp/packeg.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/temp/packeg.exe

  • Size

    268KB

  • MD5

    89f8d47f229b180a0f12aac549acf326

  • SHA1

    ce651850df6206b8c5f598ad5751c6d9d2a4869c

  • SHA256

    9a03ccee5cdc83a3a51d43c78ff093da3d4e1faaa158e4b653e7614a14dd549a

  • SHA512

    f0f63d0530b6be19427fb3aa311f758c5edf38ce42e4c26706d408abe868b3832d8b3e8b79a6a7fcad44704f7cc1a8e8407f7cc3a2c78269ee1e689e6b767758

  • SSDEEP

    6144:nnqKQ2Oq3ScuA05A+O4PlDfZIkbaRF30zsmJHyUgbdZF:nqhq3M5A+XfhaD3MFy1BZF

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\temp\packeg.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\temp\packeg.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads