Analysis

  • max time kernel
    136s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/05/2024, 09:12

General

  • Target

    esetonlinescanner.exe

  • Size

    8.0MB

  • MD5

    8181c5c8ff0e5d2b9598ee471a40d564

  • SHA1

    db44dd92d07ff60858a566fc95dcc54819e13dba

  • SHA256

    872391a8d69897f8cfdbec61ffb7629a7be12d510b465edf4c7c0ca795024dc0

  • SHA512

    7ce20f1bd1ba3dac9e9a7e38d22b970434bddf5465154ff13b6874ea7d31668be5ef4270ab13f221c876a3e3c899982bd8600cdde1c987e1bc06e2b80937fdbc

  • SSDEEP

    196608:ED4FEjTjwPDdV5Qm0DBIecySeo7Sw4C8dkxh:ED4FMwrD5Qvyheo7Sw4fdIh

Score
6/10

Malware Config

Signatures

  • Checks for any installed AV software in registry 1 TTPs 48 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Registers COM server for autorun 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\esetonlinescanner.exe
    "C:\Users\Admin\AppData\Local\Temp\esetonlinescanner.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScannerBTS.exe
      "C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScannerBTS.exe" --bts-container 2768 "C:\Users\Admin\AppData\Local\Temp\esetonlinescanner.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3532
      • C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
        ESETOnlineScanner.exe
        3⤵
        • Checks for any installed AV software in registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:4688

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

    Filesize

    14.4MB

    MD5

    4f9689e7c88f5f082a4ac6b6ac0eeb8c

    SHA1

    12f009f222dba1a57ae2d32bc031ce95c00d6827

    SHA256

    094b7ee60c4cd103aba2e86e19ace5d664ec95d07c0f10ff143e55e6e209d458

    SHA512

    d94d1ee2634dc2e2715634b38aad68d7fbe9740705feb7d0a01bdf3e2f5184085dd3d250dc26a6cc361b8d0852afa0ae38a145b0e9c7ee0537d510fe30d66d61

  • C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScannerBTS.exe

    Filesize

    2.1MB

    MD5

    417a42cf22736839a09d4eb0d80e5433

    SHA1

    3338744a8e98294592d391cedfc07d28aed24e34

    SHA256

    fbb3d5aff4628761e83aeda81cb9d3465cbaefd9838024fce2aea454fe9856dc

    SHA512

    676bc42f753519ce9dc066a6faacc9d24b1bb729c9471cdd2281177ad9d2673358f3aec954df6883568e0579fe3e7fd73ddfa51a37b3deb8f9d3ecd98289045b

  • C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\esdkW.dll

    Filesize

    1.3MB

    MD5

    dd8242e233f4fc374cb996c541391be8

    SHA1

    bb21aed8afa07f97f101e192dce37ab5b5dbc215

    SHA256

    36492c0186372f39846cedad1aa02f17a334f6f8aed015ff13a3c79437fbfdf3

    SHA512

    43f1d280a416a135e3be3986675f5a964774bee8ec9e9caac99b8938caf837848770f54b4750a99e32da914e4842721ccf77af64ea07ff6d4ae0e26bccb0cadb

  • C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\sciter-x.dll

    Filesize

    3.1MB

    MD5

    60fb382ac6d6be9d19f404f1dcb1180f

    SHA1

    1ca5de5db080beb388d5ab66c01e8a23983547c2

    SHA256

    b7b00184a8bc068588d5044e2f84e3f1a6e5e033e6390284728f81170ad81b79

    SHA512

    d785cffb31c428aad07f8be50960e0cc0c2295b383f27af425e525aad79d16090fe0a5c1f03b3b1e5117f3fe5b014d1ad6e045ceca96fa420c8e14946ac33b51