Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 18:23

General

  • Target

    $PLUGINSDIR/smartinstallAllinOne.exe

  • Size

    202KB

  • MD5

    082c78654828352b43e7818ae272c826

  • SHA1

    b1a6c498bc0ed6776e84345e30df83a7c0db425a

  • SHA256

    981c92d332c0c69c89b2c8d944f8a773823ec91228deb4447898773df7822bc5

  • SHA512

    eb6ef52b589d0b948992c23781516745d6417a96bfc85fab2654b3dca18d6a61e4083c04afd8bb887ce0f721f197cd1fc1738af7a65dd1ad77ddd86597f73ac1

  • SSDEEP

    6144:h40JDvFeKBw8v92A7BBNC0kz/ifYxUxBE1T3N:71Bv/NwbWTC3N

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\smartinstallAllinOne.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\smartinstallAllinOne.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Users\Admin\AppData\Local\Temp\GLB9F0.tmp
      C:\Users\Admin\AppData\Local\Temp\GLB9F0.tmp 4736 C:\Users\Admin\AppData\Local\Temp\$PLUGI~1\SMARTI~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2116

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\GLB9F0.tmp

    Filesize

    70KB

    MD5

    91c551a92e678f977821ea9c1079f984

    SHA1

    f3243b6ff7ea118a178f301a9bd3d0dc1a18741d

    SHA256

    9bb92f379e5c313528112a53488ca106f1da97c88082f124fcdfbdb392833db6

    SHA512

    f584b1094ab4ce1db7976706aca2c89601c80a106d86eeaf2b2b4a4059ff54e0c94817bd5ddd3bb21a6584878efad8262b9a1d7961a80035785240995854e491

  • \Users\Admin\AppData\Local\Temp\GLCA1E.tmp

    Filesize

    161KB

    MD5

    8c97d8bb1470c6498e47b12c5a03ce39

    SHA1

    15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

    SHA256

    a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

    SHA512

    7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f