Resubmissions

14-06-2024 13:16

240614-qhxzbawckn 7

14-06-2024 13:06

240614-qcfg3ssamd 4

Analysis

  • max time kernel
    362s
  • max time network
    379s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 13:16

General

  • Target
    ugene-50.0-win-x86-64.exe
  • Size
    224.2MB
  • MD5
    b42bb289071ff91ac1f7c095496a2171
  • SHA1
    bb1caa1d21df183722b81edfa6267b4270a7e048
  • SHA256
    a2792b8d2290310062cfa14c52036192f8359af62ee7ff3be63e86ddbf637d75
  • SHA512
    1c9d4b3a452639607f0221f4a499b380aab98f0531115e396ae1199889c52f0eed2877beb3c7144170edf980c7c50680d52ed10a0e2dfb39e76f1a0d58e6aa5b
  • SSDEEP
    6291456:8Hri1nn8MoFEpMBTztP9TIUtkjQfu0w/RSOfrUwoTqItwm:OE4+psTzv0UgQJw/9TUwoTqIt5

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
    The three DLLs listed under Downloads. LangDLL.dll, System.dll and nsDialogs.dll are standard NSIS installer plugins, unpacked to the installer's temporary plugin directory (nstA797.tmp) and loaded from there.
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ugene-50.0-win-x86-64.exe
    "C:\Users\Admin\AppData\Local\Temp\ugene-50.0-win-x86-64.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID: 2216

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nstA797.tmp\LangDLL.dll
    Filesize: 5KB
    MD5: de3558ce305e32f742ff25b697407fec
    SHA1: d55c50c546001421647f2e91780c324dbb8d6ebb
    SHA256: 98160b4ebb4870f64b13a45f5384b693614ae5ca1b5243edf461ca0b5a6d479a
    SHA512: 7081654001cba9263e6fb8d5b8570ba29a3de89621f52524aa7941ba9e6dfd963e5ef7b073f193b9df70300af04d7f72f93d0241d8c70ccdbecfd9092e166cac

  • \Users\Admin\AppData\Local\Temp\nstA797.tmp\System.dll
    Filesize: 11KB
    MD5: fbe295e5a1acfbd0a6271898f885fe6a
    SHA1: d6d205922e61635472efb13c2bb92c9ac6cb96da
    SHA256: a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
    SHA512: 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

  • \Users\Admin\AppData\Local\Temp\nstA797.tmp\nsDialogs.dll
    Filesize: 9KB
    MD5: ab101f38562c8545a641e95172c354b4
    SHA1: ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
    SHA256: 3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
    SHA512: 72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
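The practical use of the hashes above (both the submitted installer under General and the three dropped DLLs under Downloads) is to check whether a file on a host or in a download cache is the same artifact the sandbox ran, and to spot DLLs loaded from an NSIS plugin temp directory like nstA797.tmp, which is what the "Loads dropped DLL" signature is counting. The script below is an added example written for this page, not code from the sandbox vendor or from the UGENE project. It transcribes the MD5/SHA1/SHA256 values from the report (SHA512 and SSDEEP are left out), hashes files with the standard library, and matches them against those values. The function names, the directory-name regex for NSIS plugin folders, and the constructed sample bytes in the demo are the editor's assumptions, not details taken from the report.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hashes transcribed from the report: the submitted installer plus the three
# DLLs it dropped into its NSIS plugin directory (nstA797.tmp).
REPORT_IOCS = {
    "ugene-50.0-win-x86-64.exe": {
        "md5": "b42bb289071ff91ac1f7c095496a2171",
        "sha1": "bb1caa1d21df183722b81edfa6267b4270a7e048",
        "sha256": "a2792b8d2290310062cfa14c52036192f8359af62ee7ff3be63e86ddbf637d75",
    },
    "LangDLL.dll": {
        "md5": "de3558ce305e32f742ff25b697407fec",
        "sha1": "d55c50c546001421647f2e91780c324dbb8d6ebb",
        "sha256": "98160b4ebb4870f64b13a45f5384b693614ae5ca1b5243edf461ca0b5a6d479a",
    },
    "System.dll": {
        "md5": "fbe295e5a1acfbd0a6271898f885fe6a",
        "sha1": "d6d205922e61635472efb13c2bb92c9ac6cb96da",
        "sha256": "a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1",
    },
    "nsDialogs.dll": {
        "md5": "ab101f38562c8545a641e95172c354b4",
        "sha1": "ec47ac5449f6ee4b14f6dd7ddde841a3e723e567",
        "sha256": "3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea",
    },
}

# NSIS installers unpack plugin DLLs into a GetTempFileName()-style directory
# under %TEMP% ("ns" + one letter + up to four hex digits + ".tmp"; the report
# shows nstA797.tmp). This pattern is the editor's assumption, not the report's.
NSIS_PLUGIN_DLL = re.compile(
    r"[\\/]temp[\\/]ns[a-z][0-9a-f]{1,4}\.tmp[\\/][^\\/]+\.dll$", re.IGNORECASE
)


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests of data, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def match_iocs(data: bytes, iocs=REPORT_IOCS) -> list:
    """Return sorted (report entry, algorithm) pairs whose hash equals data's hash."""
    mine = digests(data)
    return sorted(
        (name, algo)
        for name, hashes in iocs.items()
        for algo, value in hashes.items()
        if mine.get(algo) == value.lower()
    )


def is_nsis_plugin_dll(path: str) -> bool:
    """True if path looks like a DLL inside an NSIS plugin temp directory."""
    return NSIS_PLUGIN_DLL.search(path) is not None


def scan_tree(root) -> list:
    """Hash every file under root; return (path, IoC matches, in NSIS plugin dir)."""
    out = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            out.append((str(p), match_iocs(p.read_bytes()), is_nsis_plugin_dll(str(p))))
    return out


if __name__ == "__main__":
    # Constructed demo (hypothetical file, not the real installer or DLLs): a
    # temp tree with one file whose bytes we hash ourselves, so the matching
    # logic can be exercised offline.
    with tempfile.TemporaryDirectory() as tmp:
        sample = b"constructed sample, not the real DLL"
        Path(tmp, "sample.bin").write_bytes(sample)
        print(scan_tree(tmp))  # no report hash matches the constructed bytes
        print(match_iocs(sample, {"sample.bin": digests(sample)}))
        print(is_nsis_plugin_dll(r"C:\Users\Admin\AppData\Local\Temp\nstA797.tmp\System.dll"))
```

Matching on more than one algorithm is deliberate: threat-intel feeds and EDR consoles often expose only MD5 or only SHA1, so a single SHA256 lookup can miss an otherwise identical artifact. The directory check is a triage hint, not a verdict: every NSIS-built installer, benign or not, loads plugins from such a folder, which is exactly why this signature alone contributes little to the 4/10 score.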