Analysis

  • max time kernel
    147s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-06-2024 05:25

General

  • Target

    ConnectifyInstaller.exe

  • Size

    2.3MB

  • MD5

    bba89f330b31044a6c6569ee0614b615

  • SHA1

    1e1831ac192e85ffd87f9ca0861df9b170f2d519

  • SHA256

    4eb55b8382e711f6434967847653b7832de6bd5b4fe0fd18fb9add1c2c55c430

  • SHA512

    a57978cafdd4616ddb96ac3dc05aeba3b5888545cf15f4884452a8aaf7002e856f91dbf9d62be2b2d1115e8ffe3647469342fbfc3baa10b81c0d92925e39a7da

  • SSDEEP

    49152:cxBxnUgRYxw1DaR0L+AZe+bWR5wWu2Uqg8PEZAvp420u:YBxnUgRlDaXQWu27Lkru

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Windows\system32\pcaui.exe
      "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {36d031b7-bf74-4e17-8147-63bcf65fd348} -a "Connectify v5" -v "Connectify" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 0 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"
      2⤵
        PID:3580
      • C:\Windows\SysWOW64\RunDll32.exe
        RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\OCSetupHlp.dll",_OCPRD357RunOpenCandyDLL@16 3664
        2⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2920
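
The process tree above contains two behaviours worth turning into detection logic: rundll32 loading a DLL that the NSIS installer unpacked into a `ns<random>.tmp` directory under the user's Temp, with an OpenCandy entry point (`_OCPRD357RunOpenCandyDLL@16`), and pcaui.exe (the Program Compatibility Assistant UI) reporting that it blocked the installer. The following Python is an added example, not part of the sandbox report: the event records are constructed from the PIDs, images and command lines shown above (the dict layout is an assumption, not the sandbox's export format), and the rule names are this example's own.

```python
import re
from dataclasses import dataclass

# Process-creation records constructed for this example from the process tree
# in the report (PIDs, images and command lines copied from it). The dict
# layout is an assumption, not the sandbox's export format.
EVENTS = [
    {
        "pid": 3664, "ppid": None,
        "image": r"C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe",
        "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"',
    },
    {
        "pid": 3580, "ppid": 3664,
        "image": r"C:\Windows\system32\pcaui.exe",
        "cmdline": (
            r'''"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} '''
            r'''-x {36d031b7-bf74-4e17-8147-63bcf65fd348} -a "Connectify v5" -v "Connectify" '''
            r'''-s "This app can't run because it causes security or performance issues on Windows. '''
            r'''A new version may be available. Check with your software provider for an updated '''
            r'''version that runs on this version of Windows." -n 1 -f 0 -k 0 '''
            r'''-e "C:\Users\Admin\AppData\Local\Temp\ConnectifyInstaller.exe"'''
        ),
    },
    {
        "pid": 2920, "ppid": 3664,
        "image": r"C:\Windows\SysWOW64\RunDll32.exe",
        "cmdline": r'RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\OCSetupHlp.dll",_OCPRD357RunOpenCandyDLL@16 3664',
    },
]

# Detection patterns (rule names below are this example's own, not the sandbox's).
NSIS_TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\ns[a-z0-9]+\.tmp\\", re.I)
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
RUNDLL_LOAD = re.compile(
    r'rundll32\.exe"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
OPENCANDY_EXPORT = re.compile(r"^_OCPRD\d+RunOpenCandyDLL@16$", re.I)
PCA_BLOCK = re.compile(r'''pcaui\.exe"?\s.*?-s\s+"[^"]*can't run[^"]*"''', re.I)
PCA_TARGET = re.compile(r'-e\s+"(?P<target>[^"]+)"')


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Run the rules over process-creation records; returns a list of Findings."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        image, cmd = basename(e["image"]), e["cmdline"]
        if image == "rundll32.exe":
            m = RUNDLL_LOAD.search(cmd)
            if not m:
                continue
            dll, export = m.group("dll"), m.group("export")
            # NSIS unpacks plug-in DLLs into %TEMP%\ns<random>.tmp; rundll32 loading
            # a DLL from there means installer-dropped code runs in its own process.
            if NSIS_TEMP_DIR.search(dll):
                findings.append(Finding("nsis_plugin_via_rundll32", e["pid"], dll))
            # The OpenCandy helper's entry point has a stable name: _OCPRD<n>RunOpenCandyDLL@16
            if OPENCANDY_EXPORT.match(export):
                findings.append(Finding("opencandy_export", e["pid"], export))
            parent = by_pid.get(e["ppid"])
            if parent and USER_TEMP.search(parent["image"]):
                findings.append(Finding("rundll32_parent_in_user_temp", e["pid"], parent["image"]))
        elif image == "pcaui.exe" and PCA_BLOCK.search(cmd):
            # Program Compatibility Assistant UI reporting that it blocked the binary named by -e.
            t = PCA_TARGET.search(cmd)
            findings.append(Finding("pca_blocked_app", e["pid"], t.group("target") if t else ""))
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"{f.rule:30} pid={f.pid} {f.detail}")
```

On a real host the same records come from process-creation telemetry such as Sysmon Event ID 1; the `rundll32_parent_in_user_temp` rule is the noisiest of the four on its own and is best used to corroborate the NSIS-directory and export-name matches rather than to alert by itself.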

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\OCSetupHlp.dll
      Filesize

      750KB

      MD5

      5686166442c2cfe6aba9baba48e4cc71

      SHA1

      cc6980469c59bfa6eca02d9765adc5fd0aa5edee

      SHA256

      2707d2ced65aca83c2970e55daab2e9fa7a1d9bde31d2afd3931681589d50e5d

      SHA512

      a5334cb0941373473e288120887e9ab89be1884c3ef23a62535ea578a8f6d33502183663092c9a92a76129196d1ec53e4d786fd425a3866c8465a108a190ee4b

    • C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • C:\Users\Admin\AppData\Local\Temp\nsz2CFD.tmp\UAC.dll
      Filesize

      13KB

      MD5

      7f56c0d6a8733dec142814ed5a58b0ee

      SHA1

      c119e66f179cfb758966f3cf878466057bea1840

      SHA256

      86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f

      SHA512

      8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3

    • memory/2920-24-0x0000000000F70000-0x0000000000F71000-memory.dmp
      Filesize

      4KB