Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25-05-2024 05:39

General

  • Target

    $_2_/Uninstall.exe

  • Size

    49KB

  • MD5

    17af5ad873fc0b6920b16f41638c4465

  • SHA1

    9430c70934d8f7db9fc87705d60f37f8ed2f743a

  • SHA256

    8a340670d6126dbe07f1c41a2dd8652ef23387a6644e281f072c00c3d13ce2ef

  • SHA512

    57cd4bc91c32194e4d64b27b9091e1bc43270b81e46b5dfc0a817066e230d8e37b57cb62e6d3bffaf886a33d53e266cb2d4a603f8bb6a78c42ed969f59123c5c

  • SSDEEP

    768:3ip/4K0wirQK33PaH81Fej4w0kGvFONg4jjfS3XJIJRnvzwU:yZr0wirt3/aEecbsg4sXJ0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_2_\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\$_2_\Uninstall.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$_2_\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

    Filesize

    49KB

    MD5

    17af5ad873fc0b6920b16f41638c4465

    SHA1

    9430c70934d8f7db9fc87705d60f37f8ed2f743a

    SHA256

    8a340670d6126dbe07f1c41a2dd8652ef23387a6644e281f072c00c3d13ce2ef

    SHA512

    57cd4bc91c32194e4d64b27b9091e1bc43270b81e46b5dfc0a817066e230d8e37b57cb62e6d3bffaf886a33d53e266cb2d4a603f8bb6a78c42ed969f59123c5c