77763018072adb9e864f06deac9ae588a7ec4ea1a112f9f82c6201d5b7973e84

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/vcredist_x86.exe
Size

4.0MB
MD5

5689d43c3b201dd3810fa3bba4a6476a
SHA1

6939100e397cef26ec22e95e53fcd9fc979b7bc9
SHA256

41f45a46ee56626ff2699d525bb56a3bb4718c5ca5f4fb5b3b38add64584026b
SHA512

4875134c664503242ec60717232f2917edca20286fc4b675223edbbe5dc0239ebfaf8f67edd76fedcaa2be5419490dc6f47930ca260e6c9988ccf242416c204b
SSDEEP

49152:DQC7p7i0AY9PE1UJEfcnKiJ/K7+RIaCSi3haenvUvwwZDfimxQ02BhoZGxaJq8QQ:DLp7ilY9CQEcKz+kSixJvzwZeK2ggYK4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2412	install.exe

Loads dropped DLL 2 IoCs

pid	Process
2416	vcredist_x86.exe
2412	install.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2412	install.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2412	2416	vcredist_x86.exe	28
PID 2416 wrote to memory of 2412	2416	vcredist_x86.exe	28
PID 2416 wrote to memory of 2412	2416	vcredist_x86.exe	28
PID 2416 wrote to memory of 2412	2416	vcredist_x86.exe	28
PID 2416 wrote to memory of 2412	2416	vcredist_x86.exe	28
PID 2416 wrote to memory of 2412	2416	vcredist_x86.exe	28
PID 2416 wrote to memory of 2412	2416	vcredist_x86.exe	28

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vcredist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vcredist_x86.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2416
- \??\c:\55ee084d14473ea2aaadee9bcee4\install.exe
  c:\55ee084d14473ea2aaadee9bcee4\.\install.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\55ee084d14473ea2aaadee9bcee4\install.exe

Filesize
549KB

MD5
33c9213ff5849ef7346799cae4d8ac80

SHA1
5421169811570171e9d2d0a1cdca9665273e7b59

SHA256
3377e31d233ff41aea253e6221815820997763acdf40b005f8791400366cb8ff

SHA512
da0fc3f57156e06c0c37c1fb5176e1b147ce4aa21f519112123722496b04ad4bc3d366e2b51fd78de1ba0304d35bfd5e5fc95cabc2b3eb174f77636a8fa162a1

Download Submit
\??\c:\55ee084d14473ea2aaadee9bcee4\eula.1033.txt

Filesize
9KB

MD5
162fc8231b1bd62f1d24024bb70140d5

SHA1
7fa4601390f1a69b4824ee1334bee772c2941a24

SHA256
c68a0fd93e8c64139a42af4fcd4670c6faea3a5d5d1e9dd35b197f7d5268d92b

SHA512
a707b5ef0e914ba61e815be5224831441922ed8d933f7a2ffe8aecf41f5a1790a1e45981f19d86aa5eab5ea73d03b0c8e2ab6b9f398ab0154d1c828da6f6beda

Download Submit
\??\c:\55ee084d14473ea2aaadee9bcee4\globdata.ini

Filesize
1KB

MD5
0a6b586fabd072bd7382b5e24194eac7

SHA1
60e3c7215c1a40fbfb3016d52c2de44592f8ca95

SHA256
7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951

SHA512
b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4

Download Submit
\??\c:\55ee084d14473ea2aaadee9bcee4\install.ini

Filesize
844B

MD5
5feaa6a36fea7dfdb88c18d69ba6d6a9

SHA1
7afd91a7b046d68b6ee9fd367bcd7a4fec546216

SHA256
67a50ffbb8a1d500eaa4d9f0227d6a8595a2750154e6b31662fc4f51286e47fc

SHA512
6c8c0456f232a02a49d51b3f1a830a18b9078e621cd0dc3f4f76f79b83035e8affac67bce3af9a37fa9096a34a8499c59cf982b63a4b2400b9190d2db293e682

Download Submit
\??\c:\55ee084d14473ea2aaadee9bcee4\install.res.1033.dll

Filesize
89KB

MD5
8e97ea8a1ed69806232e8743f9a28706

SHA1
e911d3802e64f9be0e1ac68865bbcc92624d6a1f

SHA256
2893b1b9751f833d4a3ded7c1fba1a96cada2927a2349c5d751365eed647c100

SHA512
aa57fe0b822145aa1d8eb72f9735ef5d92036f24c4c80392799d701447d18ea510331f5653b39c43dc923cd0f1a61bf87be0f8a4927f6e3754d19ac76fd443c3

Download Submit
\??\c:\55ee084d14473ea2aaadee9bcee4\vc_red.msi

Filesize
227KB

MD5
6e17361f8e53b47656bcf0ed90ade095

SHA1
bce290a700e31579356f7122fb38ce3be452628a

SHA256
8811e5fe167223d906701bc8deb789de0a731e888e285834bcae164b03d43c96

SHA512
a566fc8bbb4d354db32f13de2fde73a1210c61b1c30a1be22b16c7e98b8d51c673259c57a924b04035cb9f0bf4a087a3e8b32221e7ff87032cddc840ffe3ed2f

Download Submit
\??\c:\55ee084d14473ea2aaadee9bcee4\vcredist.bmp

Filesize
5KB

MD5
06fba95313f26e300917c6cea4480890

SHA1
31beee44776f114078fc403e405eaa5936c4bc3b

SHA256
594884a8006e24ad5b1578cd7c75aca21171bb079ebdc4f6518905bcf2237ba1

SHA512
7dca0f1ab5d3fd1ac8755142a7ca4d085bb0c2f12a7272e56159dadfa22da79ec8261815be71b9f5e7c32f6e8121ecb2443060f7db76feaf01eb193200e67dfd

Download Submit
memory/2412-35-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2412-38-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads