Overview

overview

7

Static

static

7

Book2.xlsm

windows7-x64

1

Book2.xlsm

windows10-2004-x64

1

GoogleClou...er.exe

windows7-x64

7

GoogleClou...er.exe

windows10-2004-x64

7

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ze.dll

windows7-x64

7

$PLUGINSDI...ze.dll

windows10-2004-x64

7

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

deneme.html

windows7-x64

1

deneme.html

windows10-2004-x64

1

photo_qual...ate.py

windows7-x64

3

photo_qual...ate.py

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    05-07-2024 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GoogleCloudSDKInstaller.exe

  • Size

    261KB

  • MD5

    4e17f649c448d908c421fa47f403cf67

  • SHA1

    be8384dbd44401cb48d6ad8593056e5cd741dade

  • SHA256

    b1a79901deb8e3bb861bfe4126bcebb51e1effaa8bacd227a4372b9ea77205ee

  • SHA512

    7aa6f194f0c0804369660e4c15dfd8ec9e29374e62fbcd588995d25230ffdfee1552d2a98d6ae2564fd72c1557dcc49139cb147044092719fc798d63f1857a69

  • SSDEEP

    6144:WlTeOP8bOJRZ6y5oK9JR0VSji0SI4BoZU9j2k:X5QZTyK/R0VOiBX9j9

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GoogleCloudSDKInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\GoogleCloudSDKInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsy16FB.tmp\System.dll
    Filesize

    11KB

    MD5

    2ae993a2ffec0c137eb51c8832691bcb

    SHA1

    98e0b37b7c14890f8a599f35678af5e9435906e1

    SHA256

    681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    SHA512

    2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy16FB.tmp\UAC.dll
    Filesize

    14KB

    MD5

    4814167aa1c7ec892e84907094646faa

    SHA1

    a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

    SHA256

    32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

    SHA512

    fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy16FB.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    13b6a88cf284d0f45619e76191e2b995

    SHA1

    09ebb0eb4b1dca73d354368414906fc5ad667e06

    SHA256

    cb958e21c3935ef7697a2f14d64cae0f9264c91a92d2deeb821ba58852dac911

    SHA512

    2aeeae709d759e34592d8a06c90e58aa747e14d54be95fb133994fdcebb1bdc8bc5d82782d0c8c3cdfd35c7bea5d7105379d3c3a25377a8c958c7b2555b1209e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy16FB.tmp\nsResize.dll
    Filesize

    4KB

    MD5

    aa849e7407cf349021812f62c001e097

    SHA1

    4cbb55b1d1dd95dcb7a36b5a44121ad4934539af

    SHA256

    29b0e5792679756a79d501e3a9b317971b08e876fac1c2476180d0ae83b77ba5

    SHA512

    4556baa49e8182d72e29e8d809635312142eb127039f5803ca0bf011b4359f0b584a670a3bd26a9969165a332cfa14a39abeaeae0b4d90519f91fdea755c54de

    Download Submit

  • memory/1992-26-0x00000000747D0000-0x00000000747D9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1992-27-0x00000000747D0000-0x00000000747D9000-memory.dmp

    Filesize

    36KB

    Download