Analysis

  • max time kernel
    77s
  • max time network
    78s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    14-06-2024 18:38

General

  • Target
    Flash PlayerInstaller.exe
  • Size
    504KB
  • MD5
    ac3638b216ba347743bf3cdcfc87459a
  • SHA1
    3f33de8c47b5bf38380d89913279b9475f113bc5
  • SHA256
    cc5d6a66049d1923450c1660e434d85ab3fb96d6266e2ebec80429a19d4579b5
  • SHA512
    99184b1bd6f3992ea78bd2c89a3a93593a7e7ed9f1bbe757ff59fa76dc59507c3e6045d7048408d9c7a6e7c26ce6579349ed5fad38b2a62342483627ede27ba0
  • SSDEEP
    12288:aj8V2ZRQBohPtt8iClB38wYI8haQRSQlQft/8oI1sruo4njdKv0H:c8V2ZRQBiLE8Im2ft/qGugv

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Flash PlayerInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\Flash PlayerInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4420
    • C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\Setup.exe
      "aeac2814-61bf-4a12-8b11-c5ea3cfa382c\Setup.exe" "C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\index.html"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2604
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 1500
        3⤵
        • Program crash
        PID:3056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\Setup.exe
    Filesize: 821KB
    MD5: f517e343fc5d364856d71fe477b34094
    SHA1: 507eecf79302cb2f31521638ad28f6035b0f92eb
    SHA256: fb43823612d7d6c9efef26ad685f720e0e007fcad6379dbe1e002fa18242e908
    SHA512: 424da125281693651beaf4b324b5cb3d1eee4445e7c21d3d05785e4b147f27b63c0c21dcd52ed605bc22b32f79a778eef58a9ad24c2896179be60c639b2b6340
  • C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\data.js
    Filesize: 81KB
    MD5: 29e08e5f8df1a8e6fee050f8b5fd9c0c
    SHA1: 197fd5fa4d96fd06c5c020fe64c1b8c1edf1973a
    SHA256: aec29a48a3a54828661f8351c863175bd9ceeb15dff565146ffa7664646622dd
    SHA512: 5432c833b0ea2616c1da9a1657f87c2737b254a509ee739c16a1c7d4bc8e740a8769843e672ee833c61a8cf74d141d89ed0d8240ae1fd57b2918a64b2a242490
  • C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\data0.js
    Filesize: 255B
    MD5: 3089dc394d4ca4ac85bf220902a7fc39
    SHA1: 768dcba1c6166317ab4e5979a2ede8afbfe20ee3
    SHA256: 70ec36ea666c234df7231315edaa24c8a2158e9ed1786116a43960ae4d185292
    SHA512: 3b9ea300ba175d4af24f2b2ddd8c6252ea829b590961cb07c2393d518e69e0bb72cbe70778fff14d6d8b03a3567c36bf1de5400e477cdd3d0a5a4781051e89b2
  • C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\index.html
    Filesize: 489B
    MD5: 263e7937ad144efa91dc45e29a4238c5
    SHA1: baab29f7377b9bd43175d6e6cf0a7e317f3f3e48
    SHA256: b5f7d03b8819dbcef07a1cb98522e76e5f89770519cfca0d7799f711a579f7a5
    SHA512: 1308bd31e98a67ca909a96ad46858bc5ff51774b88ea5934495dfe1bfd8312bfd86d0d01adb1cc4027a4bb15dc9b5e9965f45ba860eb25ec4d489e16b68014af
  • C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\web\css\main.css
    Filesize: 2KB
    MD5: f831bb398578407ecfb03ac2ac12a725
    SHA1: b4ccf4aa0ac4f796e5d4f0f7e1f5004c1173c31a
    SHA256: ed577dffdb0291e142ff6d1c4a00d03d0c98482ee5c3fc12ed7585a19e2300a9
    SHA512: 2643a6386e2f80b678d2d66258486d63e66975507aab382f1564804bc02630792316c2d57dbd8849b107e8e24a9c05352633bedeb65c82553e13e6827a5cd48d
  • C:\Users\Admin\AppData\Local\Temp\aeac2814-61bf-4a12-8b11-c5ea3cfa382c\web\js\app.js
    Filesize: 126KB
    MD5: 02e40106b372a0318f1e5360fbfc6304
    SHA1: e257489168b3b3f1eb3433622e48da5abfd15b9c
    SHA256: 69c056b13b2d03199bf67833e772c9bb4547dfc8ccb6e304fbbb36bdcecf3bd9
    SHA512: 978543a567c3f3630f31141ece5b4bb68ef78f6e007251450412c9eee4ca06f4ca385352b4299ba84fdbf3ee220052a5fda6711d02f855ccef1e4b0fcdba4713
  • \Users\Admin\AppData\Local\Temp\nsl883D.tmp\System.dll
    Filesize: 11KB
    MD5: c17103ae9072a06da581dec998343fc1
    SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
    SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
    SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
  • memory/2604-35-0x0000000000600000-0x0000000000601000-memory.dmp
    Filesize: 4KB
  • memory/2604-42-0x0000000000400000-0x00000000004D4000-memory.dmp
    Filesize: 848KB
  • memory/2604-45-0x0000000000600000-0x0000000000601000-memory.dmp
    Filesize: 4KB
  • memory/4420-0-0x0000000000400000-0x0000000000432000-memory.dmp
    Filesize: 200KB
  • memory/4420-41-0x0000000000400000-0x0000000000432000-memory.dmp
    Filesize: 200KB