Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 06:12

General

  • Target

    HA_DVDIdentifier401_Fire.exe

  • Size

    1.2MB

  • MD5

    5b08b5ee037855a3d60bfbd203c04a36

  • SHA1

    61f021b788047b40040e9244d715d8330b4fc6d2

  • SHA256

    a13746da6dafe6272966ce0ba7d80fe74d1f4d510983ef9c126602c272e7d413

  • SHA512

    99dcdb73fc611c627604b8dd4d7934fdb5646d1796172f2d34f23ee45dbc99e15db10d98f5744db2ac2064d6b419ab8759f119453fa6b05e7bab27c36bda320f

  • SSDEEP

    24576:XoeroCxZodYaVvQb/DiISWknGIqjCgpik+EDoDqwvEiEZczFLp99:YeroCxZoaaODzSxnGNHpwMgqIUGFLl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HA_DVDIdentifier401_Fire.exe (PID 1976)
    Command line: "C:\Users\Admin\AppData\Local\Temp\HA_DVDIdentifier401_Fire.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\ioSpecial.ini

    Filesize

    621B

    MD5

    91d05ee2b502afa9ad649342837f3807

    SHA1

    8a4979325ba1c12587ab699e70046d77acd82817

    SHA256

    bff27e9f1e011b95459026b3de91138b4c8ee2d926bf73a633fe7ebd93ffa208

    SHA512

    e987114da585960a13287b1610f95d9e7a7e4abf0edc984115671e19dd6661836c101d4a69966cf9b056d520d31d608695ec8bebffd12f25ad2550a816652973

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\InstallOptions.dll

    Filesize

    12KB

    MD5

    1e8f2fefe3ce893b117b26948b8978cb

    SHA1

    59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab

    SHA256

    8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519

    SHA512

    b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\Splash.dll

    Filesize

    4KB

    MD5

    e07ad0d2f86ddf926911e3d2dbc2021e

    SHA1

    370c93de8c9ba9549b0a646b329cb8d2fc7c91f8

    SHA256

    2ada4d9531a62772ddd7eeb0737fe91925982c543990d9c0d4faaadde12b7ed0

    SHA512

    c13747e3cb2d6712f3bf19bfe1bbbab47763239a4e21bbe685edbedae98bda9c7b8e4e06c22e8b7737752a3c3129e07c91c00b6e90ac741e891bc1bfa966fdae

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\System.dll

    Filesize

    10KB

    MD5

    10c44246d99a1c2e5f5e6b52b111a63d

    SHA1

    0f41da79c3e789f4ae38738e3a5d73c538f8af4f

    SHA256

    7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

    SHA512

    e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3
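
Added example, not part of the sandbox report: a small Python IoC matcher that embeds the MD5/SHA1/SHA256 values listed above for the target and the four dropped files, hashes local files the same way the report does (MD5, SHA1, SHA256, SHA512; ssdeep is omitted because it needs a non-standard library), and approximates the "Loads dropped DLL" signature from the Processes section. The signature approximation is an assumption: it only checks that a DLL is loaded from an ns*.tmp folder beneath the loading process's own Temp directory, matching the path shape seen in the Downloads list (real sandbox signatures also track that the process wrote the file first). The load events in `SAMPLE_LOADS` are constructed for the example, and `flag_dropped_loads` / `is_dropped_dll_load` are hypothetical helper names.

```python
"""IoC matcher for the sandbox report above (added example, not part of the report)."""
import hashlib
import re
from pathlib import Path
from typing import Dict, List

# Hashes copied verbatim from the report's General and Downloads sections.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "HA_DVDIdentifier401_Fire.exe": {
        "md5": "5b08b5ee037855a3d60bfbd203c04a36",
        "sha1": "61f021b788047b40040e9244d715d8330b4fc6d2",
        "sha256": "a13746da6dafe6272966ce0ba7d80fe74d1f4d510983ef9c126602c272e7d413",
    },
    "ioSpecial.ini": {
        "md5": "91d05ee2b502afa9ad649342837f3807",
        "sha1": "8a4979325ba1c12587ab699e70046d77acd82817",
        "sha256": "bff27e9f1e011b95459026b3de91138b4c8ee2d926bf73a633fe7ebd93ffa208",
    },
    "InstallOptions.dll": {
        "md5": "1e8f2fefe3ce893b117b26948b8978cb",
        "sha1": "59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab",
        "sha256": "8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519",
    },
    "Splash.dll": {
        "md5": "e07ad0d2f86ddf926911e3d2dbc2021e",
        "sha1": "370c93de8c9ba9549b0a646b329cb8d2fc7c91f8",
        "sha256": "2ada4d9531a62772ddd7eeb0737fe91925982c543990d9c0d4faaadde12b7ed0",
    },
    "System.dll": {
        "md5": "10c44246d99a1c2e5f5e6b52b111a63d",
        "sha1": "0f41da79c3e789f4ae38738e3a5d73c538f8af4f",
        "sha256": "7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8",
    },
}

# Assumed pattern, derived from the dropped-file paths in the report:
# ...\AppData\Local\Temp\ns<random>.tmp\<name>.dll
DROPPED_DLL_RE = re.compile(
    r"\\AppData\\Local\\Temp\\ns\w+\.tmp\\[^\\]+\.dll$", re.IGNORECASE
)

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return hex digests of data keyed the same way the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: Path, chunk: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in chunks so large samples need not fit in memory."""
    hashers = {n: hashlib.new(n) for n in ALGORITHMS}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs=REPORT_IOCS) -> List[str]:
    """Names of report entries matching the given digests.

    SHA-256 is authoritative when present; SHA-1/MD5 are only consulted when
    the caller has no SHA-256, because they are collision-prone and must never
    override a SHA-256 mismatch.
    """
    hits: List[str] = []
    for name, ref in iocs.items():
        if "sha256" in digests:
            if digests["sha256"].lower() == ref["sha256"]:
                hits.append(name)
            continue
        for alg in ("sha1", "md5"):
            if alg in digests and digests[alg].lower() == ref[alg]:
                hits.append(name)
                break
    return hits


def is_dropped_dll_load(image_path: str, dll_path: str) -> bool:
    """Approximate the 'Loads dropped DLL' signature (assumption, path-based only):
    the DLL must sit in an ns*.tmp folder under the loading image's own directory."""
    image_dir = image_path.rsplit("\\", 1)[0].lower()
    under_image_dir = dll_path.lower().startswith(image_dir + "\\")
    return under_image_dir and bool(DROPPED_DLL_RE.search(dll_path))


# Constructed sample image-load events for the PID in the Processes section.
SAMPLE_LOADS = [
    (1976, r"C:\Users\Admin\AppData\Local\Temp\HA_DVDIdentifier401_Fire.exe",
     r"C:\Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\System.dll"),
    (1976, r"C:\Users\Admin\AppData\Local\Temp\HA_DVDIdentifier401_Fire.exe",
     r"C:\Windows\System32\kernel32.dll"),
]


def flag_dropped_loads(events=SAMPLE_LOADS) -> List[str]:
    """Return the DLL paths from events that look like dropped-DLL loads."""
    return [dll for _, image, dll in events if is_dropped_dll_load(image, dll)]


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        d = hash_file(Path(arg))
        print(arg, d["sha256"], match_iocs(d) or "no match")
    print("dropped DLL loads:", flag_dropped_loads())
```

Run it as `python ioc_match.py <files...>` to compare local samples against the report's hashes; the path heuristic is deliberately narrow (Temp\ns*.tmp only) so that it does not fire on ordinary DLL loads from System32.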