Errors

  • Reason: office: non-rc4 encrypted document not supported
  • Reason: office: non-rc4 encrypted document not supported

The error is reported twice, and the archive contains two Office documents (Comprobante de pago_978989689.xla and Product Inquiry466789.xls). The message means the static Office parser only handles RC4-encrypted documents and skipped these rather than analysing them. Every signature hit below is PE-based, so treat the two Office lures as unanalysed, not as clean.

General

  • Target

    Dropped Malware.zip

  • Size

    9.8MB

  • MD5

    d0581ce7e9911fcd2a002891bde2aa99

  • SHA1

    f0c26a67290790cb04d6d8518fb1ca45350ea593

  • SHA256

    49042e86af4503a917b8408c4faab2759688065a429015a2c90430fa7371291f

  • SHA512

    8363e7e3b2cd0f7354667bb50eba432219e261a35e21edfa8688e1cc36abe22da25ae6c8019222aec24f2ba248f817dd60c081efcf993302f370e7a6a084a9f0

  • SSDEEP

    196608:Lq06dZiAS83wMTzBEOv2hFjQLTemwT9BlCljndX5OoGEFBZEbQB8HsK:QL3PEE2hFj+Tyv+ndlIbQB8H5

Score
5/10

Malware Config

  (no configuration extracted)

Signatures

  • AutoIT Executable (2 IoCs)

    AutoIT scripts compiled to PE executables.

  • Unsigned PE (35 IoCs)

    Checks for missing Authenticode signature. This is a presence check only: a PE that does carry a certificate table can still have an invalid, expired or revoked signature, which needs a separate verification step.

  • NSIS installer (14 IoCs)

    Nullsoft Scriptable Install System installer. The $PLUGINSDIR/*.dll entries under the installers below (AdvSplash, BgImage, UserInfo, nsExec, System) are stock NSIS plugins and carry the same MD5 in every sample; the remaining resource files (the .fak, .blo, .cha, .per, ... entries) are specific to these samples.
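The "Unsigned PE" check above comes down to reading one PE data directory. The block below is an added example, not the sandbox's own detection code: it parses the PE headers by hand, locates IMAGE_DIRECTORY_ENTRY_SECURITY (which, unlike the other directories, holds a raw file offset, and sits at a different optional-header offset in PE32 and PE32+ images, relevant here because the archive mixes x86 and x64 samples) and reports whether a WIN_CERTIFICATE table is present. The images it scans are constructed, header-only PEs built in memory, not the files from the listing; build_pe, security_directory, has_authenticode and unsigned_pes are names chosen for this example.

```python
"""Presence check for an Authenticode certificate table in a PE image.

Added example (no pefile dependency). It reads IMAGE_DIRECTORY_ENTRY_SECURITY,
which is what an 'Unsigned PE' signature boils down to. It does NOT validate
the signature; chain, timestamp and revocation checks need signtool/osslsigncode.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# The data-directory array starts at a different offset inside the optional
# header for PE32 (the x86 samples) and PE32+ (the x64 BNP DOC sample).
DATA_DIR_OFFSET = {PE32_MAGIC: 96, PE32PLUS_MAGIC: 112}


def security_directory(data: bytes) -> tuple:
    """Return (file_offset, size) of the certificate table, or (0, 0) if absent.

    Unlike every other data directory, the security entry holds a raw file
    offset rather than an RVA: the table lives after the last section and has
    no virtual address. Raises ValueError for anything that is not a PE.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    if opt_size < 2 or len(data) < opt + opt_size:
        raise ValueError("missing or truncated optional header")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in DATA_DIR_OFFSET:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dir_off = DATA_DIR_OFFSET[magic]
    if opt_size < dir_off:
        raise ValueError("optional header too short for data directories")
    n_dirs = struct.unpack_from("<I", data, opt + dir_off - 4)[0]  # NumberOfRvaAndSizes
    entry = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or opt_size < entry + 8:
        return (0, 0)                                     # no security directory declared
    return struct.unpack_from("<II", data, opt + entry)


def has_authenticode(data: bytes) -> bool:
    """True if the image points at a WIN_CERTIFICATE of type PKCS_SIGNED_DATA."""
    off, size = security_directory(data)
    if off == 0 or size < 8 or off + size > len(data):
        return False
    length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 <= length <= size


def unsigned_pes(files: dict) -> list:
    """Names of the PE files in `files` with no certificate table.
    Non-PE inputs (the OLE documents in the archive, say) are skipped."""
    flagged = []
    for name, blob in files.items():
        try:
            if not has_authenticode(blob):
                flagged.append(name)
        except ValueError:
            pass
    return sorted(flagged)


def build_pe(pe32plus: bool, signed: bool) -> bytes:
    """Constructed minimal PE image for this example: headers only, no sections.
    With signed=True a placeholder WIN_CERTIFICATE (not real PKCS#7 data) is
    appended and referenced from the security directory, as a signer would."""
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    dir_off = DATA_DIR_OFFSET[magic]
    opt_size = dir_off + 16 * 8                 # 16 data directories
    header_len = 0x40 + 4 + 20 + opt_size       # DOS header + "PE\0\0" + COFF + optional
    directories = [(0, 0)] * 16
    cert = b""
    if signed:
        payload = b"\x30\x82\x00\x10" + b"\x00" * 16   # stand-in for DER SignedData
        cert = struct.pack("<IHH", 8 + len(payload), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
        directories[IMAGE_DIRECTORY_ENTRY_SECURITY] = (header_len, len(cert))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0002)
    opt = struct.pack("<H", magic) + b"\0" * (dir_off - 6) + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", o, s) for o, s in directories)
    return dos + b"PE\0\0" + coff + opt + cert


# Constructed stand-ins for the kinds of files in the listing (not the real samples).
SAMPLES = {
    "sample_x86.exe": build_pe(False, False),
    "sample_x64.exe": build_pe(True, False),
    "vendor-signed.exe": build_pe(False, True),
    "document.xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 64,  # OLE2 magic, not a PE
}

if __name__ == "__main__":
    for name in unsigned_pes(SAMPLES):
        print("Unsigned PE:", name)
</test>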

Files

  • Dropped Malware.zip
    .zip
  • Dropped Malware/01622664c6bf1a51484157d73fb4a42f.exe
    .exe windows:4 windows x86 arch:x86
    (no MD5 reported)
  • Dropped Malware/1.exe
    .exe windows:4 windows x86 arch:x86
    (no MD5 reported)

  • Dropped Malware/BNP DOC 12578945329763-7633562829.exe
    .exe windows:6 windows x64 arch:x64 (the only 64-bit sample in the archive)
    MD5 8f2ed59ffaf0389477f5411c8b4c37fd

  • Dropped Malware/Comprobante de pago_978989689.xla (Spanish: "proof of payment")
    .xls .xla windows office2003 (not parsed; see Errors above)
  • Dropped Malware/Document BT24·pdf.exe
    .exe windows:4 windows x86 arch:x86
    MD5 e160ef8e55bb9d162da4e266afd9eef3
    The character before "pdf" is U+00B7 MIDDLE DOT, not a period: an executable named to read as a PDF. The same MD5 appears under LHDNM TAKSIRAN 2023·pdf.exe, Quote Request (Tupy S.A.) 523AM - 924BR·pdf.exe, faktura_7171503997·pdf.exe and 帳單發票_200548224648·pdf.exe, i.e. one identical installer shipped under five lure names.
      • $PLUGINSDIR/AdvSplash.dll
        .dll windows:4 windows x86 arch:x86
        MD5 2e8d5524d09b794f343fa9e2df0a1d87
      • $PLUGINSDIR/BgImage.dll
        .dll windows:4 windows x86 arch:x86
        MD5 bdcecc8b26871abb93996c6c18e09c94
      • $PLUGINSDIR/UserInfo.dll
        .dll windows:4 windows x86 arch:x86
        MD5 cce05dea98cbac3a9d486b233588f528
      • $PLUGINSDIR/nsExec.dll
        .dll windows:4 windows x86 arch:x86
        MD5 6b7d154c806f1e47db325229c300c6df
      • Unifacial/Reparationsudgift/jomfruelige.fak
      • Unifacial/Reparationsudgift/prveudtagningsfrekvenser.blo
      • Unifacial/Reparationsudgift/voguishness.cha
      • Unifacial/attraktioner.txt
      • Unifacial/bloknings.fle
      • Unifacial/cassie.dat
      • Upraught/Bantingize.cha
      • Upraught/Efterbyrd.per
      • Upraught/Photoflash.Han
      • Upraught/Utaltes.Pos
      • Upraught/antologis.flb
  • Dropped Malware/Jailkeeper.exe
    .exe windows:4 windows x86 arch:x86
    MD5 57e98d9a5a72c8d7ad8fb7a6a58b3daf (same MD5 as Order 000293884849900.exe: one binary under two names)
      • $PLUGINSDIR/System.dll
        .dll windows:4 windows x86 arch:x86
        MD5 8c8a576201f68de1a3f26fc723b9f30f
      • Absorbable.sul
      • Aircraft.Bif
      • Jackhead/Randon17.vgr
      • Jackhead/keelhauls.scr
      • Jackhead/primaveksel.txt
      • Kontrasignatur/skohornet.ser
      • Kontrasignatur/temperatures.ref
      • Rentvistens.Afv
  • Dropped Malware/LHDNM TAKSIRAN 2023·pdf.exe (Malay: tax assessment; LHDNM is the Malaysian Inland Revenue Board)
    .exe windows:4 windows x86 arch:x86
    MD5 e160ef8e55bb9d162da4e266afd9eef3 (identical to Document BT24·pdf.exe; U+00B7 MIDDLE DOT before "pdf")
      • $PLUGINSDIR/AdvSplash.dll
        .dll windows:4 windows x86 arch:x86
        MD5 2e8d5524d09b794f343fa9e2df0a1d87
      • $PLUGINSDIR/BgImage.dll
        .dll windows:4 windows x86 arch:x86
        MD5 bdcecc8b26871abb93996c6c18e09c94
      • $PLUGINSDIR/UserInfo.dll
        .dll windows:4 windows x86 arch:x86
        MD5 cce05dea98cbac3a9d486b233588f528
      • $PLUGINSDIR/nsExec.dll
        .dll windows:4 windows x86 arch:x86
        MD5 6b7d154c806f1e47db325229c300c6df
      • Aerial/cassie.dat
      • Aerial/jomfruelige.fak
      • Aerial/prveudtagningsfrekvenser.blo
      • Aerial/voguishness.cha
      • Distanceblnderne.Hes
      • Nonwelcome.Vol
      • Unsel/Bantingize.cha
      • Unsel/Efterbyrd.per
      • Unsel/Selvvrd/bloknings.fle
      • Unsel/antologis.flb
      • Unsel/attraktioner.txt
  • Dropped Malware/Order 000293884849900.exe
    .exe windows:4 windows x86 arch:x86
    MD5 57e98d9a5a72c8d7ad8fb7a6a58b3daf (identical to Jailkeeper.exe)
      • $PLUGINSDIR/System.dll
        .dll windows:4 windows x86 arch:x86
        MD5 8c8a576201f68de1a3f26fc723b9f30f
      • Absorbable.sul
      • Dmper.Per234
      • Matacan.For144
      • Randon17.vgr
      • keelhauls.scr
      • primaveksel.txt
      • skohornet.ser
      • temperatures.ref
  • Dropped Malware/Ordine n.487685934 GIANCARLO & C. s.r.l convulsional.bat (Italian: "Order no. ...")
  • Dropped Malware/PO 903886563 PDF.bat
    .bat .vbs (typed as both batch and VBScript)
  • Dropped Malware/PO2024-0961.exe
    .exe windows:5 windows x86 arch:x86
    MD5 eb97e4fc5518ac300a92a11673825e0b (same MD5 as REQUEST FOR QUOTATION_pdf.exe: one binary under two names)
  • Dropped Malware/PRODUCTS LIST pdf.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744

  • Dropped Malware/Product Inquiry466789.xls
    .xls windows office2003 (not parsed; see Errors above)
  • Dropped Malware/Quote Request (Tupy S.A.) 523AM - 924BR·pdf.exe
    .exe windows:4 windows x86 arch:x86
    MD5 e160ef8e55bb9d162da4e266afd9eef3 (identical to Document BT24·pdf.exe; U+00B7 MIDDLE DOT before "pdf")
      • $PLUGINSDIR/AdvSplash.dll
        .dll windows:4 windows x86 arch:x86
        MD5 2e8d5524d09b794f343fa9e2df0a1d87
      • $PLUGINSDIR/BgImage.dll
        .dll windows:4 windows x86 arch:x86
        MD5 bdcecc8b26871abb93996c6c18e09c94
      • $PLUGINSDIR/UserInfo.dll
        .dll windows:4 windows x86 arch:x86
        MD5 cce05dea98cbac3a9d486b233588f528
      • $PLUGINSDIR/nsExec.dll
        .dll windows:4 windows x86 arch:x86
        MD5 6b7d154c806f1e47db325229c300c6df
      • Bantingize.cha
      • Cotes13/bloknings.fle
      • Cotes13/cassie.dat
      • Cotes13/jomfruelige.fak
      • Efterbyrd.per
      • Gasolier166/prveudtagningsfrekvenser.blo
      • Gasolier166/voguishness.cha
      • Hoodmold.pal
      • Overtidsbetalingers.Afl
      • antologis.flb
      • attraktioner.txt
  • Dropped Malware/REQUEST FOR QUOTATION_pdf.exe
    .exe windows:5 windows x86 arch:x86
    MD5 eb97e4fc5518ac300a92a11673825e0b (identical to PO2024-0961.exe)
  • Dropped Malware/Transaction_Execution_Confirmation_000000.vbs
  • Dropped Malware/faktura_7171503997·pdf.exe (Danish: "invoice")
    .exe windows:4 windows x86 arch:x86
    MD5 e160ef8e55bb9d162da4e266afd9eef3 (identical to Document BT24·pdf.exe; U+00B7 MIDDLE DOT before "pdf")
      • $PLUGINSDIR/AdvSplash.dll
        .dll windows:4 windows x86 arch:x86
        MD5 2e8d5524d09b794f343fa9e2df0a1d87
      • $PLUGINSDIR/BgImage.dll
        .dll windows:4 windows x86 arch:x86
        MD5 bdcecc8b26871abb93996c6c18e09c94
      • $PLUGINSDIR/UserInfo.dll
        .dll windows:4 windows x86 arch:x86
        MD5 cce05dea98cbac3a9d486b233588f528
      • $PLUGINSDIR/nsExec.dll
        .dll windows:4 windows x86 arch:x86
        MD5 6b7d154c806f1e47db325229c300c6df
      • Bantingize.cha
      • Efterbyrd.per
      • Gyptologiske.Udl
      • Indstningernes.Svi
      • Simplicidentata/attraktioner.txt
      • Simplicidentata/kakofonier/bloknings.fle
      • Simplicidentata/kakofonier/cassie.dat
      • Simplicidentata/kakofonier/jomfruelige.fak
      • Simplicidentata/kakofonier/prveudtagningsfrekvenser.blo
      • Simplicidentata/kakofonier/voguishness.cha
      • antologis.flb
  • Dropped Malware/ups_awb_shipping_post_26062024224782020031808174CN18240624000002624(991KB).vbs
  • Dropped Malware/帳單發票_200548224648·pdf.exe (Chinese: "billing invoice")
    .exe windows:4 windows x86 arch:x86
    MD5 e160ef8e55bb9d162da4e266afd9eef3 (identical to Document BT24·pdf.exe; U+00B7 MIDDLE DOT before "pdf")
      • $PLUGINSDIR/AdvSplash.dll
        .dll windows:4 windows x86 arch:x86
        MD5 2e8d5524d09b794f343fa9e2df0a1d87
      • $PLUGINSDIR/BgImage.dll
        .dll windows:4 windows x86 arch:x86
        MD5 bdcecc8b26871abb93996c6c18e09c94
      • $PLUGINSDIR/UserInfo.dll
        .dll windows:4 windows x86 arch:x86
        MD5 cce05dea98cbac3a9d486b233588f528
      • $PLUGINSDIR/nsExec.dll
        .dll windows:4 windows x86 arch:x86
        MD5 6b7d154c806f1e47db325229c300c6df
      • Bygningsbestanddels/Kork.Eks
      • Bygningsbestanddels/Pitilessness.Lge211
      • Dysfatikerens/voguishness.cha
      • Gstelrers/Bantingize.cha
      • Gstelrers/Licenced/Efterbyrd.per
      • Gstelrers/Licenced/antologis.flb
      • Trencherman/attraktioner.txt
      • Trencherman/bloknings.fle
      • Trencherman/cassie.dat
      • Trencherman/jomfruelige.fak
      • Trencherman/prveudtagningsfrekvenser.blo
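The listing above is flat, which hides three things a first triage pass wants: which lure names are the same bytes (several MD5s recur), which names are document lookalikes with an executable extension (the "·pdf.exe" entries use U+00B7 rather than a period), and which nested DLLs are the installer framework's own plugins rather than the payload. The block below is an added example, not part of the report or of any sandbox: it takes a subset of the paths and MD5s from the listing as a constructed (path, md5) list, rebuilds the installer tree from the report's ordering, clusters top-level files by hash, flags lookalike names, and separates plugins seen under more than one installer. LISTING, assign_parents, renamed_copies, lure_flags, shared_plugins and triage are names chosen for this example.

```python
"""Triage of a sandbox 'Files' listing: cluster renamed copies by MD5, flag
document-lookalike executable names, and separate stock NSIS plugins from the
installers that carry them. Added example; the report itself has no such code."""
import re
from collections import defaultdict

# Subset of the listing above as (path, md5) pairs, md5 "" where none is shown.
# Nested entries ($PLUGINSDIR/*, resource files) follow the installer they came
# from, exactly as the flattened report prints them. \u00b7 is MIDDLE DOT.
LISTING = [
    ("Dropped Malware/BNP DOC 12578945329763-7633562829.exe", "8f2ed59ffaf0389477f5411c8b4c37fd"),
    ("Dropped Malware/Comprobante de pago_978989689.xla", ""),
    ("Dropped Malware/Document BT24\u00b7pdf.exe", "e160ef8e55bb9d162da4e266afd9eef3"),
    ("$PLUGINSDIR/AdvSplash.dll", "2e8d5524d09b794f343fa9e2df0a1d87"),
    ("$PLUGINSDIR/BgImage.dll", "bdcecc8b26871abb93996c6c18e09c94"),
    ("$PLUGINSDIR/UserInfo.dll", "cce05dea98cbac3a9d486b233588f528"),
    ("$PLUGINSDIR/nsExec.dll", "6b7d154c806f1e47db325229c300c6df"),
    ("Unifacial/attraktioner.txt", ""),
    ("Dropped Malware/Jailkeeper.exe", "57e98d9a5a72c8d7ad8fb7a6a58b3daf"),
    ("$PLUGINSDIR/System.dll", "8c8a576201f68de1a3f26fc723b9f30f"),
    ("Dropped Malware/LHDNM TAKSIRAN 2023\u00b7pdf.exe", "e160ef8e55bb9d162da4e266afd9eef3"),
    ("$PLUGINSDIR/nsExec.dll", "6b7d154c806f1e47db325229c300c6df"),
    ("Dropped Malware/Order 000293884849900.exe", "57e98d9a5a72c8d7ad8fb7a6a58b3daf"),
    ("$PLUGINSDIR/System.dll", "8c8a576201f68de1a3f26fc723b9f30f"),
    ("Dropped Malware/PO 903886563 PDF.bat", ""),
    ("Dropped Malware/PO2024-0961.exe", "eb97e4fc5518ac300a92a11673825e0b"),
    ("Dropped Malware/PRODUCTS LIST pdf.exe", "f34d5f2d4577ed6d9ceec516c1f5a744"),
    ("Dropped Malware/Quote Request (Tupy S.A.) 523AM - 924BR\u00b7pdf.exe", "e160ef8e55bb9d162da4e266afd9eef3"),
    ("$PLUGINSDIR/nsExec.dll", "6b7d154c806f1e47db325229c300c6df"),
    ("Dropped Malware/REQUEST FOR QUOTATION_pdf.exe", "eb97e4fc5518ac300a92a11673825e0b"),
    ("Dropped Malware/faktura_7171503997\u00b7pdf.exe", "e160ef8e55bb9d162da4e266afd9eef3"),
    ("$PLUGINSDIR/nsExec.dll", "6b7d154c806f1e47db325229c300c6df"),
    ("Dropped Malware/\u5e33\u55ae\u767c\u7968_200548224648\u00b7pdf.exe", "e160ef8e55bb9d162da4e266afd9eef3"),
    ("$PLUGINSDIR/nsExec.dll", "6b7d154c806f1e47db325229c300c6df"),
]

TOP_PREFIX = "Dropped Malware/"
EXEC_EXT = {"exe", "bat", "vbs", "scr", "com", "cmd", "js"}
# A document-type token not glued to other letters: " pdf", "_pdf", "\u00b7pdf", "DOC ".
DOC_TOKEN = re.compile(r"(?i)(?<![a-z])(pdf|docx?|xlsx?)(?![a-z])")


def assign_parents(listing):
    """Rebuild the tree the report flattened: each nested entry belongs to the
    most recent top-level 'Dropped Malware/...' entry printed before it."""
    tree, parent = {}, None
    for path, md5 in listing:
        if path.startswith(TOP_PREFIX):
            parent = path
            tree.setdefault(parent, [])
        elif parent is not None:
            tree[parent].append((path, md5))
    return tree


def renamed_copies(listing):
    """MD5 -> sorted top-level paths sharing it, for hashes seen more than once.
    Same bytes under several lure names is one payload reused across campaigns."""
    by_hash = defaultdict(set)
    for path, md5 in listing:
        if md5 and path.startswith(TOP_PREFIX):
            by_hash[md5].add(path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def lure_flags(path):
    """Name-based red flags for one dropped file (empty list means nothing odd)."""
    name = path.rsplit("/", 1)[-1]
    stem, _, ext = name.rpartition(".")
    flags = []
    if ext.lower() in EXEC_EXT:
        if DOC_TOKEN.search(stem):
            flags.append("document token with executable extension")
        if any(ord(c) > 0x7F for c in stem):
            flags.append("non-ASCII character in name")   # e.g. U+00B7 posing as '.'
    return flags


def shared_plugins(listing):
    """(path, md5) -> number of installers it appears under, for nested DLLs seen
    under more than one. Those are the framework's plugins, not the payload,
    and make poor indicators on their own."""
    parents_of = defaultdict(set)
    for parent, children in assign_parents(listing).items():
        for path, md5 in children:
            if path.startswith("$PLUGINSDIR/") and md5:
                parents_of[(path, md5)].add(parent)
    return {k: len(v) for k, v in parents_of.items() if len(v) > 1}


def triage(listing):
    """Everything a first pass wants, in one dict."""
    lures = {p: lure_flags(p) for p, _ in listing if p.startswith(TOP_PREFIX) and lure_flags(p)}
    return {"renamed_copies": renamed_copies(listing), "lures": lures,
            "shared_plugins": shared_plugins(listing)}


if __name__ == "__main__":
    for key, value in triage(LISTING).items():
        print(key)
        for k, v in value.items():
            print("   ", k, "->", v)
```

Flagged names are a prompt for a human, not a verdict: a vendor really can ship "Order 123.exe". The hash clusters are the stronger signal here, since they show the five "·pdf.exe" lures are byte-identical and the two $PLUGINSDIR/System.dll copies sit under the two copies of the same 57e98d9a... binary.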