General
Target: SecuriteInfo.com.PUA.Wews87.18866.10846.exe
Size: 1.5MB
Sample: 240615-spk97sygjq
-
MD5
64972fe0da09081ef0d7e670413bbb03
-
SHA1
0b42848a45e3c890613e46bb647efb39c19d6cb1
-
SHA256
6d27a4abf0b2438f8d5cf4f6ada7798be1b8208d36674705252c631dd6f844e9
-
SHA512
c72be206fe7d3832b93af5b250f7ebe2f55c5690462604ee4c693915254c739da193609c34d1124cbd10e64b88447eb8c5099e1324a023a2565b5e4e0aa76ba7
-
SSDEEP
24576:JTcPTNrdAcGwqV4aUxuxWQMnGVrZ58wrU02Q/CH+lHRm3nYJlX:INrKcGwqLUxuxWQMS3IbiS+p6nYTX
Static task: static1

Behavioral task | Sample | Resource
behavioral1 | SecuriteInfo.com.PUA.Wews87.18866.10846.exe | win7-20240611-en
behavioral2 | SecuriteInfo.com.PUA.Wews87.18866.10846.exe | win10v2004-20240508-en
behavioral3 | $PLUGINSDIR/FindProcDLL.dll | win7-20240611-en
behavioral4 | $PLUGINSDIR/FindProcDLL.dll | win10v2004-20240611-en
behavioral5 | $PLUGINSDIR/KillProcDLL.dll | win7-20240221-en
behavioral6 | $PLUGINSDIR/KillProcDLL.dll | win10v2004-20240611-en
behavioral7 | $PLUGINSDIR/SkinBtn.dll | win7-20231129-en
behavioral8 | $PLUGINSDIR/SkinBtn.dll | win10v2004-20240508-en
behavioral9 | $PLUGINSDIR/SkinProgress.dll | win7-20240611-en
behavioral10 | $PLUGINSDIR/SkinProgress.dll | win10v2004-20240508-en
behavioral11 | $PLUGINSDIR/System.dll | win7-20240611-en
behavioral12 | $PLUGINSDIR/System.dll | win10v2004-20240508-en
behavioral13 | $PLUGINSDIR/WndProc.dll | win7-20240508-en
behavioral14 | $PLUGINSDIR/WndProc.dll | win10v2004-20240508-en
behavioral15 | $PLUGINSDIR/nsDialogs.dll | win7-20240221-en
behavioral16 | $PLUGINSDIR/nsDialogs.dll | win10v2004-20240611-en
behavioral17 | MouseHook.dll | win7-20240508-en
behavioral18 | MouseHook.dll | win10v2004-20240611-en
behavioral19 | PrintScreen.exe | win7-20240220-en
behavioral20 | PrintScreen.exe | win10v2004-20240508-en
behavioral21 | gamebox.exe | win7-20240611-en
behavioral22 | gamebox.exe | win10v2004-20240508-en
behavioral23 | tabGame.exe | win7-20240611-en
behavioral24 | tabGame.exe | win10v2004-20240611-en
behavioral25 | uninst.exe | win7-20240611-en
behavioral26 | uninst.exe | win10v2004-20240508-en
behavioral27 | $PLUGINSDIR/BgWorker.dll | win7-20231129-en
behavioral28 | $PLUGINSDIR/BgWorker.dll | win10v2004-20240508-en
behavioral29 | $PLUGINSDIR/FindProcDLL.dll | win7-20240221-en
behavioral30 | $PLUGINSDIR/FindProcDLL.dll | win10v2004-20240508-en
behavioral31 | $PLUGINSDIR/KillProcDLL.dll | win7-20240221-en
behavioral32 | $PLUGINSDIR/KillProcDLL.dll | win10v2004-20240508-en

Malware Config
Targets

Target: SecuriteInfo.com.PUA.Wews87.18866.10846.exe
Size: 1.5MB
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: $PLUGINSDIR/FindProcDLL.dll
Size: 3KB
Score: 3/10

Target: $PLUGINSDIR/KillProcDLL.dll
Size: 4KB
Score: 3/10

Target: $PLUGINSDIR/SkinBtn.dll
Size: 4KB
Score: 3/10

Target: $PLUGINSDIR/SkinProgress.dll
Size: 4KB
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
Score: 3/10

Target: $PLUGINSDIR/WndProc.dll
Size: 3KB
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
Score: 3/10

Target: MouseHook.dll
Size: 32KB
Score: 1/10

Target: PrintScreen.exe
Size: 97KB
Score: 1/10

Target: gamebox.exe
Size: 1.3MB
Score: 1/10

Target: tabGame.exe
Size: 514KB
Score: 1/10

Target: uninst.exe
Size: 1.9MB
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: $PLUGINSDIR/BgWorker.dll
Size: 2KB
Score: 3/10

Target: $PLUGINSDIR/FindProcDLL.dll
Size: 3KB
Score: 3/10

Target: $PLUGINSDIR/KillProcDLL.dll
Size: 4KB
Score: 3/10