Overview

overview

10

Static

static

10

155绿色�...��.url

windows7-x64

1

155绿色�...��.url

windows10-2004-x64

1

Connectify...er.exe

windows7-x64

7

Connectify...er.exe

windows10-2004-x64

7

$PLUGINSDI...lp.dll

windows7-x64

1

$PLUGINSDI...lp.dll

windows10-2004-x64

1

$PLUGINSDI...SC.dll

windows7-x64

3

$PLUGINSDI...SC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/Conn...wn.exe

windows7-x64

3

$TEMP/Conn...wn.exe

windows10-2004-x64

3

$TEMP/wifi.dll

windows7-x64

1

$TEMP/wifi.dll

windows10-2004-x64

1

BuildProps.dll

windows7-x64

1

BuildProps.dll

windows10-2004-x64

1

ConnUPnP.dll

windows7-x64

1

ConnUPnP.dll

windows10-2004-x64

1

Connectify.exe

windows7-x64

1

Connectify.exe

windows10-2004-x64

6

ConnectifyNAT.dll

windows7-x64

1

ConnectifyNAT.dll

windows10-2004-x64

1

Connectify...es.exe

windows7-x64

1

Connectify...es.exe

windows10-2004-x64

1

Connectifyd.exe

windows7-x64

1

Connectifyd.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-06-2024 05:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ConnectifyInstaller.exe

  • Size

    2.3MB

  • MD5

    bba89f330b31044a6c6569ee0614b615

  • SHA1

    1e1831ac192e85ffd87f9ca0861df9b170f2d519

  • SHA256

    4eb55b8382e711f6434967847653b7832de6bd5b4fe0fd18fb9add1c2c55c430

  • SHA512

    a57978cafdd4616ddb96ac3dc05aeba3b5888545cf15f4884452a8aaf7002e856f91dbf9d62be2b2d1115e8ffe3647469342fbfc3baa10b81c0d92925e39a7da

  • SSDEEP

    49152:cxBxnUgRYxw1DaR0L+AZe+bWR5wWu2Uqg8PEZAvp420u:YBxnUgRlDaXQWu27Lkru

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\SysWOW64\RunDll32.exe
      RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nsi8E8.tmp\OCSetupHlp.dll",_OCPRD357RunOpenCandyDLL@16 1540
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsi8E8.tmp\OCSetupHlp.dll
    Filesize

    750KB

    MD5

    5686166442c2cfe6aba9baba48e4cc71

    SHA1

    cc6980469c59bfa6eca02d9765adc5fd0aa5edee

    SHA256

    2707d2ced65aca83c2970e55daab2e9fa7a1d9bde31d2afd3931681589d50e5d

    SHA512

    a5334cb0941373473e288120887e9ab89be1884c3ef23a62535ea578a8f6d33502183663092c9a92a76129196d1ec53e4d786fd425a3866c8465a108a190ee4b

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsi8E8.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsi8E8.tmp\UAC.dll
    Filesize

    13KB

    MD5

    7f56c0d6a8733dec142814ed5a58b0ee

    SHA1

    c119e66f179cfb758966f3cf878466057bea1840

    SHA256

    86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f

    SHA512

    8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3

    Download Submit
  • memory/2132-23-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize

    4KB

    Download