Overview

overview

8

Static

static

3

SmartClien...is.dll

windows7-x64

3

SmartClien...is.dll

windows10-2004-x64

3

SmartClien...DK.dll

windows7-x64

1

SmartClien...DK.dll

windows10-2004-x64

1

SmartClien...PI.dll

windows7-x64

1

SmartClien...PI.dll

windows10-2004-x64

1

SmartClien...re.dll

windows7-x64

1

SmartClien...re.dll

windows10-2004-x64

1

SmartClien...Qr.dll

windows7-x64

1

SmartClien...Qr.dll

windows10-2004-x64

1

SmartClien...Is.dll

windows7-x64

1

SmartClien...Is.dll

windows10-2004-x64

1

SmartClien...ge.dll

windows7-x64

3

SmartClien...ge.dll

windows10-2004-x64

3

SmartClien...55.dll

windows7-x64

1

SmartClien...55.dll

windows10-2004-x64

1

SmartClien...PC.dll

windows7-x64

1

SmartClien...PC.dll

windows10-2004-x64

1

SmartClien...is.dll

windows7-x64

1

SmartClien...is.dll

windows10-2004-x64

1

SmartClien...ig.dll

windows7-x64

1

SmartClien...ig.dll

windows10-2004-x64

1

SmartClien...nt.exe

windows7-x64

1

SmartClien...nt.exe

windows10-2004-x64

1

SmartClien...ap.exe

windows7-x64

8

SmartClien...ap.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SYSDIR/Packet.dll

windows7-x64

1

$SYSDIR/Packet.dll

windows10-2004-x64

1

$SYSDIR/pthreadVC.dll

windows7-x64

1

$SYSDIR/pthreadVC.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    28s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2024 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SmartClient/WinPcap.exe

  • Size

    893KB

  • MD5

    a11a2f0cfe6d0b4c50945989db6360cd

  • SHA1

    e2516fcd1573e70334c8f50bee5241cdfdf48a00

  • SHA256

    fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de

  • SHA512

    2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70

  • SSDEEP

    24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SmartClient\WinPcap.exe
    "C:\Users\Admin\AppData\Local\Temp\SmartClient\WinPcap.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\SysWOW64\net.exe
      net start npf
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start npf
        3⤵
          PID:2716

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nso7927.tmp\bootOptions.ini
      Filesize

      371B

      MD5

      c3655063fb2c5d311032636d4ea80a6a

      SHA1

      5eee37720532b7f155a917a52c1f3780ad89040b

      SHA256

      36dac7ae69334f64c9d24d6b2420fe562131ae225ad849ae6a97dedc3b18a156

      SHA512

      1bb4c042516c1654ee8d53973ac338b3c4742168071a5891e10d519811d99443b35ea29090b3869479fdcfa68046cdd829ccedc22cc7955e461a532926ab6203

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso7927.tmp\bootOptions.ini
      Filesize

      362B

      MD5

      00b10dd8ca1c1534f9753318a6e142e8

      SHA1

      32c78676bc74a0f183ee9f26e87926d033e11d20

      SHA256

      efc0bfc6aed4ce606c08191ca0cd1d055e1bd836ed93369f4755a2f3be94e9f9

      SHA512

      18375736d34a2850e0ffa4da388e770fa52503cb7e7625637a723f118283f19a8a57993ae6703f9b7c3127cdc5e4ec931de3a71c23e9f4f5cfc3da1ab29dbfc0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso7927.tmp\ioSpecial.ini
      Filesize

      556B

      MD5

      1c141d7001f621345f5de6b396598404

      SHA1

      1edbb12e02f1ea32278045ecbeda504e9186851d

      SHA256

      beaab3a5c04737c09b1ccd240252985a84378db099888a1c6ad98d529e667520

      SHA512

      a44a27c5d67b434ad461cfb134e302563999c82197c48149e6df806f29354198e427817a528a28dea311149f396387ef175f1d5402f5460638f70130fe711da6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso7927.tmp\ioSpecial.ini
      Filesize

      578B

      MD5

      e298238f5274ee8026d922febcd9fd4d

      SHA1

      bf73767a384601b90048792cce0afdf40255d1bb

      SHA256

      58c1a9020590c6fd372274f39f93f52b9e0d7cc803bc5fbc442b3e90867f4b12

      SHA512

      c4ccdca92c83dd3d716eaccec71a453980e35c3b92569479403d7504c87cfe7032db75a2019bf1b0563237659960a94f78a0f07b58df4ca9af122f84e3be4109

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso7927.tmp\ioSpecial.ini
      Filesize

      556B

      MD5

      b551777687220b45e0317a5671078717

      SHA1

      b463d0a8eda68e2e8a758eb26f80c5d33a5d986f

      SHA256

      3c402799cb908abc38f7a064500baa58ecad549394200ca86b1a8f43984581da

      SHA512

      3c85d600827eece277ebe9983ec83e40ffd8795b0c362fd52c4d10de10c073d9ba18a9c93abe700e4c36c83bb3f67f01494e52e709f0426941cf308a246b7cba

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso7927.tmp\ioSpecial.ini
      Filesize

      591B

      MD5

      6d197bd83bb63dd13cd9d39b378dace7

      SHA1

      979b27260988b23ac5def10e82937a39b7817799

      SHA256

      36917079871eb4c26044a2d8514a8990014071a9195be3c78d30fba2c835bf05

      SHA512

      4fd4415fbf3795682f234e68db40807b09181b3c60d6224b251c3e4119c2f7cd0606a358ff2309a01a71815c38f5b3b27f6a74278ede18522dafd1728f967304

      Download Submit

    • \Program Files (x86)\WinPcap\WinPcapInstall.dll
      Filesize

      91KB

      MD5

      e78291558cb803dfd091ad8fb56feecc

      SHA1

      4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4

      SHA256

      d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d

      SHA512

      042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso7927.tmp\ExecDos.dll
      Filesize

      5KB

      MD5

      a7cd6206240484c8436c66afb12bdfbf

      SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

      SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

      SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso7927.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      325b008aec81e5aaa57096f05d4212b5

      SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

      SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

      SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso7927.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso7927.tmp\UserInfo.dll
      Filesize

      4KB

      MD5

      7579ade7ae1747a31960a228ce02e666

      SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

      SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

      SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

      Download Submit

    • memory/2260-137-0x0000000000C00000-0x0000000000C16000-memory.dmp

      Filesize

      88KB

      Download