Overview

overview

7

Static

static

3

213d883411...18.exe

windows7-x64

7

213d883411...18.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

MessengerDetect.exe

windows7-x64

1

MessengerDetect.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

WinPcap_4_1_1.exe

windows7-x64

7

WinPcap_4_1_1.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/nsWeb.dll

windows7-x64

3

$PLUGINSDIR/nsWeb.dll

windows10-2004-x64

3

$SYSDIR/Packet.dll

windows7-x64

1

$SYSDIR/Packet.dll

windows10-2004-x64

1

$SYSDIR/pthreadVC.dll

windows7-x64

1

$SYSDIR/pthreadVC.dll

windows10-2004-x64

1

$SYSDIR/wpcap.dll

windows7-x64

1

$SYSDIR/wpcap.dll

windows10-2004-x64

1

$TEMP/CACE_Banner.htm

windows7-x64

1

$TEMP/CACE_Banner.htm

windows10-2004-x64

1

WinPcapInstall.dll

windows7-x64

1

WinPcapInstall.dll

windows10-2004-x64

3

rpcapd.exe

windows7-x64

1

rpcapd.exe

windows10-2004-x64

1

mdsrv.exe

windows7-x64

1

mdsrv.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinPcap_4_1_1.exe

  • Size

    903KB

  • MD5

    2caa5498171b21388168c13ad4f4a157

  • SHA1

    8ad800ae50167676b7a695c919b0b72340a7ff24

  • SHA256

    8e57d910173fb471f4a02911d652a4a65c1632cacb67f759472b1d7ec9995f87

  • SHA512

    0aa60248ca80ce9d138bfa8eea07ee1fbd8f6217d21671e9187c02d06102c435bc4f84623ffa73c44600c3d3a2f3b73863893ece477d0f478d9dbd89ba340f81

  • SSDEEP

    24576:dDSdG+TQ60EYPLM2aalJYlH5gKg2SWLqruWqWPQDv2q0Rg2XUryOdru:ZSdtTqLojHZ1LiugQy94fdK

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_1.exe
    "C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CACE_Banner.htm
    Filesize

    975B

    MD5

    e2e69e49126d7e7dbd4c6573121ac56f

    SHA1

    a2f6c517872838730ca18d9f4c823cd6934426e4

    SHA256

    5738ed20f0727fb06587483ac2cef9e813d1c26676516ee2713a782de9bfd240

    SHA512

    bebc14cdd2e1f88d39742077310905bb0a007722aa75f92b9fccf136dc75874623039435a18a6cebc6513d6c832e9c4de58afcce5aebff4399195f18af918dd7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd20DA.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    1e8e11f465afdabe97f529705786b368

    SHA1

    ea42bed65df6618c5f5648567d81f3935e70a2a0

    SHA256

    7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b

    SHA512

    16566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd20DA.tmp\nsWeb.dll
    Filesize

    8KB

    MD5

    84bcf3c71e70d5a6e9dc07d70466bdc3

    SHA1

    31603a1afc2d767a3392d363ff61533beaa25359

    SHA256

    7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf

    SHA512

    61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e

    Download Submit