Analysis
-
max time kernel
149s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
04/07/2024, 07:56
General
-
Target
$PROGRAMFILES/1ClickDownload/$PROGRAMFILES/1ClickDownload/uninst.exe
-
Size
46KB
-
MD5
7f731258cc0237bf3a7a864a4c2f8c44
-
SHA1
0ee075a6edb910bedcaada45b4e68df778ba96de
-
SHA256
af31fddfdf61a27a813e712d6b990a4ef5388a755cf166e0542ccc49c7a28a95
-
SHA512
2363f31ecc88fc86039b051ae19dff6fd30e1379d7a1c1109190f9c4881f25e14a3dd0e7a0442a9416c45dd4113a555349e0a7e86ffe8aace0c6c096c47dbd27
-
SSDEEP
768:+4wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJugd2iZQAm6kRRS+NoJRnMtAy:xLXB65939tY6HBg4sXJugdLeAyNDtT
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\1ClickDownload\$PROGRAMFILES\1ClickDownload\uninst.exe"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\1ClickDownload\$PROGRAMFILES\1ClickDownload\uninst.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\1ClickDownload\$PROGRAMFILES\1ClickDownload\2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46KB
MD57f731258cc0237bf3a7a864a4c2f8c44
SHA10ee075a6edb910bedcaada45b4e68df778ba96de
SHA256af31fddfdf61a27a813e712d6b990a4ef5388a755cf166e0542ccc49c7a28a95
SHA5122363f31ecc88fc86039b051ae19dff6fd30e1379d7a1c1109190f9c4881f25e14a3dd0e7a0442a9416c45dd4113a555349e0a7e86ffe8aace0c6c096c47dbd27