Overview

overview

7

Static

static

3

152220f01c...18.exe

windows7-x64

7

152220f01c...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...c3.dll

windows7-x64

3

$PLUGINSDI...c3.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PROGRAMFI...ll.exe

windows7-x64

7

$PROGRAMFI...ll.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PROGRAMFILES/1ClickDownload/$PROGRAMFILES/1ClickDownload/uninstall.exe

  • Size

    46KB

  • MD5

    1da83eb42e44745ba91d106d21e0ebc5

  • SHA1

    1cf79804d65ab5b2c56150d30f23e363fcc9a962

  • SHA256

    6a6b2acdbc2a20ac5cba17595a289ad696f570a14615bc3cfb2a89b28739222f

  • SHA512

    8b7376d326b9929c944a49c5f8f4ccbfc5396b0e703cd0b33d4bacf5ba6be48e05a16dd184e42158cf24bbda8aef9bd9f0434d749a4be4554b5a4f6467c5047c

  • SSDEEP

    768:+4wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJagd2iZQAm6kRRS+NoJRnMtCJ:xLXB65939tY6HBg4sXJagdLeAyNDtjM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\1ClickDownload\$PROGRAMFILES\1ClickDownload\uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\1ClickDownload\$PROGRAMFILES\1ClickDownload\uninstall.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4328
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\1ClickDownload\$PROGRAMFILES\1ClickDownload\
      2⤵
      • Executes dropped EXE
      PID:1588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    46KB

    MD5

    1da83eb42e44745ba91d106d21e0ebc5

    SHA1

    1cf79804d65ab5b2c56150d30f23e363fcc9a962

    SHA256

    6a6b2acdbc2a20ac5cba17595a289ad696f570a14615bc3cfb2a89b28739222f

    SHA512

    8b7376d326b9929c944a49c5f8f4ccbfc5396b0e703cd0b33d4bacf5ba6be48e05a16dd184e42158cf24bbda8aef9bd9f0434d749a4be4554b5a4f6467c5047c

    Download Submit