Analysis
- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 07-06-2024 10:33
Tasks (task id: sample, resource)
- static1 (static task): f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe
- behavioral1: f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe, win7-20231129-en
- behavioral2: f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe, win10v2004-20240426-en
- behavioral3: $PLUGINSDIR/Qt5Core.dll, win7-20231129-en
- behavioral4: $PLUGINSDIR/Qt5Core.dll, win10v2004-20240508-en
- behavioral5: $PLUGINSDIR/Qt5Gui.dll, win7-20231129-en
- behavioral6: $PLUGINSDIR/Qt5Gui.dll, win10v2004-20240426-en
- behavioral7: $PLUGINSDIR/Qt5Network.dll, win7-20240419-en
- behavioral8: $PLUGINSDIR/Qt5Network.dll, win10v2004-20240508-en
- behavioral9: $PLUGINSDIR/Qt5Svg.dll, win7-20240221-en
- behavioral10: $PLUGINSDIR/Qt5Svg.dll, win10v2004-20240508-en
- behavioral11: $PLUGINSDIR/Qt5Widgets.dll, win7-20240508-en
- behavioral12: $PLUGINSDIR/Qt5Widgets.dll, win10v2004-20240426-en
- behavioral13: $PLUGINSDIR/concrt140.dll, win7-20240215-en
- behavioral14: $PLUGINSDIR/concrt140.dll, win10v2004-20240426-en
- behavioral15: $PLUGINSDIR/iconengines/qsvgicon.dll, win7-20240419-en
- behavioral16: $PLUGINSDIR/iconengines/qsvgicon.dll, win10v2004-20240426-en
- behavioral17: $PLUGINSDIR/imageformats/qgif.dll, win7-20240221-en
- behavioral18: $PLUGINSDIR/imageformats/qgif.dll, win10v2004-20240508-en
- behavioral19: $PLUGINSDIR/imageformats/qicns.dll, win7-20240221-en
- behavioral20: $PLUGINSDIR/imageformats/qicns.dll, win10v2004-20240508-en
- behavioral21: $PLUGINSDIR/imageformats/qico.dll, win7-20240221-en
- behavioral22: $PLUGINSDIR/imageformats/qico.dll, win10v2004-20240226-en
- behavioral23: $PLUGINSDIR/imageformats/qjpeg.dll, win7-20240508-en
- behavioral24: $PLUGINSDIR/imageformats/qjpeg.dll, win10v2004-20240508-en
- behavioral25: $PLUGINSDIR/imageformats/qsvg.dll, win7-20240215-en
- behavioral26: $PLUGINSDIR/imageformats/qsvg.dll, win10v2004-20240426-en
- behavioral27: $PLUGINSDIR/libcrypto-1_1.dll, win7-20240508-en
- behavioral28: $PLUGINSDIR/libcrypto-1_1.dll, win10v2004-20240426-en
- behavioral29: $PLUGINSDIR/libssl-1_1.dll, win7-20231129-en
- behavioral30: $PLUGINSDIR/libssl-1_1.dll, win10v2004-20240426-en
- behavioral31: $PLUGINSDIR/msvcp140.dll, win7-20240220-en
- behavioral32: $PLUGINSDIR/msvcp140.dll, win10v2004-20240508-en
General
- Target: f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe
- Size: 8.3MB
- MD5: 3aed62680dcb29125d1470ecf2f0cc06
- SHA1: 67a49fb3a2c50c1de0f163291de5076dac4be974
- SHA256: f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb
- SHA512: 217c0430f11e3bdd3db73b06cb636857dd313e53c8bfee8367b25a9b1043491ce7812602f0c92d97e0b740555ad05e619d852da48f5c95d52fa66fadf7c1475e
- SSDEEP: 196608:4AMFrGBQG8VZYBZXV4vS/ztfAT1WSger292uaarZMPHpi9xx:4AMuQGeZYB8vS7tfAqqzwMP4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes (pid, process):
  1520 Un_A.exe
- Loads dropped DLL (15 IoCs)
  Processes (pid, process):
  2820 f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe
  1520 Un_A.exe (14 occurrences)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  Processes (pid, process):
  1520 Un_A.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes (pid, process):
  1520 Un_A.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description, pid, process, target process):
  PID 2820 wrote to memory of 1520, 2820, f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe, Un_A.exe
  PID 2820 wrote to memory of 1520, 2820, f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe, Un_A.exe
  PID 2820 wrote to memory of 1520, 2820, f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe, Un_A.exe
  PID 2820 wrote to memory of 1520, 2820, f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe, Un_A.exe
Processes
- Path: C:\Users\Admin\AppData\Local\Temp\f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe"
  PID: 2820 (depth 1)
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - Path: C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
    PID: 1520 (depth 2, child of 2820)
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 311KB
  MD5: 99d9e0fa8040828a75e924d7868c4154
  SHA1: 41ef503eb02e139dafd9c50218a132f7b04327cc
  SHA256: 791de6c3ac6b9fca5118e7528f70b85161c86c3f393de4555b7a1489eda0f1ba
  SHA512: 04b496384d4bcd7ebb33aa72ca517d91a8ba02adc5d0bda587585d772a1b27df639455d3b8c8cc4b2029b6a19192ec9e465ab29d9589de82394df9cc423deabb
- Filesize: 4.9MB
  MD5: 9883f722350a66f4cdb3c43a990707b4
  SHA1: cd05074ca8cf2ff4e39c4ecc8a88894ed9b9b169
  SHA256: 366f2c1abc8cd42a956f9747370d94bc48c7b78c362a99634ff01acab7b6c866
  SHA512: c62925b3b51608e7c1ce5e782a2ee5779fda3a99c7cefcd3ea65f1fbf114e3869d37c580848db151d7d774da0d8b6ec3dacfd2949a27bcede4f5b14a51bcac4a
- Filesize: 5.1MB
  MD5: 9af8844d2e5fa1b78ca5d5717750bf8e
  SHA1: 69768b6a935ad6aacf07576a3a34bb84464953f2
  SHA256: 7923ffadf87460d0ec4bfb55c1440657128d983d3f8b0577fb4eda5d504db1c6
  SHA512: b2141fed59308a8ae46e0b820ce14a591777fc84a6dbbfd908f34445a1d34b62e3cb4c0ee1dfd500d18bd490337be84830926cd4a8a78959b5186a2703d942d2
- Filesize: 1.0MB
  MD5: f695b4ec06c6d164e71742dc52cf45bd
  SHA1: 91dad1f5e88e0acee59b06ae861d6231656f3b91
  SHA256: 672b9e404d20c94c137172deaffdbbb9be6b9922e10f6fc7f2d8d1d13d8a7ddd
  SHA512: 347a89435db11b92ed530ebb5fde97ca0fa70da5af33cf0a8687679a777ac8e6d19761a1085618b0f54804fff0c4b4c66cd20eae31a9544a9262db1f846b9028
- Filesize: 4.3MB
  MD5: 0437c572b8692fe4d9ab3227b935f6d0
  SHA1: 91a586716b48f790521fc40c3b0b80c0dd16f5d0
  SHA256: 4ce775b049018e12196fd710c6b5d390562fedcfb283433628a3f1079574b7c1
  SHA512: cf5fd292455c57a6e92f0f98da526c1d911a1ee54cae2dec45fa75d1bd09490cde95933a26778c1ce45f0f59a54701ec0dd12e7b7867c30bdf37fc48784107fc
- Filesize: 30KB
  MD5: ad90539a0cc5bea4ce30ccf45b22be95
  SHA1: ef7c968e399f30b34da6a49adea6a891c8449d32
  SHA256: 2bfeabb11ce7f48b062c1044c54eb117408517c0e0c09641ea682bb3b35728ad
  SHA512: cd5e564c72bc1ccbf642b437b85ef1760e692e178b6c5e40bf183fb3decfa3cd59c97bfa7ed620715837c33b2128493b5c7b07f48e6f6e83cdb3bd6675af9979
- Filesize: 39KB
  MD5: 6e9ea212ede912e5adea6a724c942241
  SHA1: 2c3a3670fb1a443950e8c8aa1c4a6f80bd4b04d4
  SHA256: 02725fa085c4efeb9a380662a51e81c2483aada0b8632842b484cdd4f6066f75
  SHA512: 384308b876f149117895ecf98ed8df11c2ce1794301be60630b2a844c30e38eadca78823a50fc9a2dd5d1e79d17311bae213f0454270143e5a20ddd8b5e696d8
- Filesize: 30KB
  MD5: 10c535fcfca304afb59a8c491349426f
  SHA1: 7a53485cde15e7212814a49b1e8f84d90fc9573a
  SHA256: a4a9d2dbb549b62c615e514d4aad75298e8342ab90b7f30ae163f064654a1299
  SHA512: 6c4fb8592a1f3cb6dbba02a23787d8d782aaf9c227db141aa846e908dccb0b584cd32d6daa0f8dbe12a6803eaf41b8e36c33a558461006d52abe512f51420bde
- Filesize: 361KB
  MD5: a411567f64e267460df090d795a8bb32
  SHA1: f3762d6a199aac2824f418914069b5cff5914e05
  SHA256: 80e1b62b936b10cfae9610796b9e160615c0deffa82f0f8f27c2212baae9d7b8
  SHA512: e123a351144f6ebcabaa89a7ee5c26b84b6938daa99a6e80e25cd2d65b955456d0cf7631f22ea3badbac21bcc58711e9588f3d4b4034305fe41faada318bf5c9
- Filesize: 26KB
  MD5: ca2ea003c6fb8ee2b3f059dcd9338012
  SHA1: 7ad2a5bdba61f432d5a5cc655d6834a91e6fc2f3
  SHA256: 87905c987b8e6301d50ff691482c6cc262d0c96973a38e2d8a294cd720b37b4d
  SHA512: 6cc54d7e8308ddd5ed2c4eef113bacf87425e8cf6143466614549e25431b880eed663afae671eefa21eec2ef78635dd64e57df971bcaebf8ae33752815bcf249
- Filesize: 439KB
  MD5: 5ff1fca37c466d6723ec67be93b51442
  SHA1: 34cc4e158092083b13d67d6d2bc9e57b798a303b
  SHA256: 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062
  SHA512: 4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546
- Filesize: 1.2MB
  MD5: c41b9d665cbfff0d51aeeb84b70dc978
  SHA1: d95892dd39c8ab2d11ac4329233a1fe1e71dc479
  SHA256: 441b8371df3411361131e9ea2db0a091d26d699636932e695afb67f8adaac77b
  SHA512: c89ab6e0710abe5c32a0471ff3b08538be0a9c6ed50833b82d12ebb19124a94161fb1748969ca5fe0d8aace10ff499b3317db9b07bdba370a9b0bf5707f6b7c1
- Filesize: 125KB
  MD5: 4e611fb1077bfa73f24cc11fc9c9c871
  SHA1: 8e68093fd3d585b668705b9de21d9be104ae241f
  SHA256: 8ca284c960d744f35f8af783af791fd1ecfe02965e342b4c3220ee3d162ae3d0
  SHA512: 94e0083ef999908a5a624eedaef8ce24ebcee09abd1c38ae517747ef617d3ed4207d3ea0b1df47f1379caed5d7d397303f6e81ab24466724bf6273979ed85f09
- Filesize: 78KB
  MD5: a37ee36b536409056a86f50e67777dd7
  SHA1: 1cafa159292aa736fc595fc04e16325b27cd6750
  SHA256: 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
  SHA512: 3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356
- Filesize: 8.3MB
  MD5: 3aed62680dcb29125d1470ecf2f0cc06
  SHA1: 67a49fb3a2c50c1de0f163291de5076dac4be974
  SHA256: f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb
  SHA512: 217c0430f11e3bdd3db73b06cb636857dd313e53c8bfee8367b25a9b1043491ce7812602f0c92d97e0b740555ad05e619d852da48f5c95d52fa66fadf7c1475e