Overview
overview
10Static
static
10155绿色�...��.url
windows7-x64
1155绿色�...��.url
windows10-2004-x64
1Connectify...er.exe
windows7-x64
7Connectify...er.exe
windows10-2004-x64
7$PLUGINSDI...lp.dll
windows7-x64
1$PLUGINSDI...lp.dll
windows10-2004-x64
1$PLUGINSDI...SC.dll
windows7-x64
3$PLUGINSDI...SC.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$TEMP/Conn...wn.exe
windows7-x64
3$TEMP/Conn...wn.exe
windows10-2004-x64
3$TEMP/wifi.dll
windows7-x64
1$TEMP/wifi.dll
windows10-2004-x64
1BuildProps.dll
windows7-x64
1BuildProps.dll
windows10-2004-x64
1ConnUPnP.dll
windows7-x64
1ConnUPnP.dll
windows10-2004-x64
1Connectify.exe
windows7-x64
1Connectify.exe
windows10-2004-x64
6ConnectifyNAT.dll
windows7-x64
1ConnectifyNAT.dll
windows10-2004-x64
1Connectify...es.exe
windows7-x64
1Connectify...es.exe
windows10-2004-x64
1Connectifyd.exe
windows7-x64
1Connectifyd.exe
windows10-2004-x64
1Analysis
-
max time kernel
147s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
26-06-2024 05:25
Behavioral task
behavioral1
Sample
155绿色软件站.url
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
155绿色软件站.url
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
ConnectifyInstaller.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
ConnectifyInstaller.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/OCSetupHlp.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/OCSetupHlp.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/SimpleSC.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/SimpleSC.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
$TEMP/ConnectifyShutdown.exe
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
$TEMP/ConnectifyShutdown.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$TEMP/wifi.dll
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
$TEMP/wifi.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
BuildProps.dll
Resource
win7-20240419-en
Behavioral task
behavioral22
Sample
BuildProps.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
ConnUPnP.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
ConnUPnP.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
Connectify.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Connectify.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
ConnectifyNAT.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
ConnectifyNAT.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
ConnectifyNetServices.exe
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
ConnectifyNetServices.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
Connectifyd.exe
Resource
win7-20240611-en
Behavioral task
behavioral32
Sample
Connectifyd.exe
Resource
win10v2004-20240508-en
General
-
Target
ConnectifyInstaller.exe
-
Size
2.3MB
-
MD5
bba89f330b31044a6c6569ee0614b615
-
SHA1
1e1831ac192e85ffd87f9ca0861df9b170f2d519
-
SHA256
4eb55b8382e711f6434967847653b7832de6bd5b4fe0fd18fb9add1c2c55c430
-
SHA512
a57978cafdd4616ddb96ac3dc05aeba3b5888545cf15f4884452a8aaf7002e856f91dbf9d62be2b2d1115e8ffe3647469342fbfc3baa10b81c0d92925e39a7da
-
SSDEEP
49152:cxBxnUgRYxw1DaR0L+AZe+bWR5wWu2Uqg8PEZAvp420u:YBxnUgRlDaXQWu27Lkru
Malware Config
Signatures
-
Loads dropped DLL 6 IoCs
Processes:
ConnectifyInstaller.exeRunDll32.exepid process 3664 ConnectifyInstaller.exe 3664 ConnectifyInstaller.exe 3664 ConnectifyInstaller.exe 3664 ConnectifyInstaller.exe 3664 ConnectifyInstaller.exe 2920 RunDll32.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
RunDll32.exepid process 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe 2920 RunDll32.exe -
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
ConnectifyInstaller.exedescription pid process target process PID 3664 wrote to memory of 3580 3664 ConnectifyInstaller.exe pcaui.exe PID 3664 wrote to memory of 3580 3664 ConnectifyInstaller.exe pcaui.exe PID 3664 wrote to memory of 2920 3664 ConnectifyInstaller.exe RunDll32.exe PID 3664 wrote to memory of 2920 3664 ConnectifyInstaller.exe RunDll32.exe PID 3664 wrote to memory of 2920 3664 ConnectifyInstaller.exe RunDll32.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3664 -
C:\Windows\system32\pcaui.exe"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {36d031b7-bf74-4e17-8147-63bcf65fd348} -a "Connectify v5" -v "Connectify" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 0 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"2⤵PID:3580
-
C:\Windows\SysWOW64\RunDll32.exeRunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\OCSetupHlp.dll",_OCPRD357RunOpenCandyDLL@16 36642⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2920
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\OCSetupHlp.dllFilesize
750KB
MD55686166442c2cfe6aba9baba48e4cc71
SHA1cc6980469c59bfa6eca02d9765adc5fd0aa5edee
SHA2562707d2ced65aca83c2970e55daab2e9fa7a1d9bde31d2afd3931681589d50e5d
SHA512a5334cb0941373473e288120887e9ab89be1884c3ef23a62535ea578a8f6d33502183663092c9a92a76129196d1ec53e4d786fd425a3866c8465a108a190ee4b
-
C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\System.dllFilesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\UAC.dllFilesize
13KB
MD57f56c0d6a8733dec142814ed5a58b0ee
SHA1c119e66f179cfb758966f3cf878466057bea1840
SHA25686445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f
SHA5128b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3
-
memory/2920-24-0x0000000000F70000-0x0000000000F71000-memory.dmpFilesize
4KB