Overview

overview

7

Static

static

7

f6dea9e303...d2.exe

windows7-x64

7

f6dea9e303...d2.exe

windows10-2004-x64

7

$PLUGINSDIR/BI.exe

windows7-x64

7

$PLUGINSDIR/BI.exe

windows10-2004-x64

7

$PLUGINSDI...CC.exe

windows7-x64

7

$PLUGINSDI...CC.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

1

$PLUGINSDI...lp.dll

windows10-2004-x64

1

$PLUGINSDI...er.exe

windows7-x64

7

$PLUGINSDI...er.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...PIE.js

windows7-x64

3

$PLUGINSDI...PIE.js

windows10-2004-x64

3

$PLUGINSDI...ed.htm

windows7-x64

1

$PLUGINSDI...ed.htm

windows10-2004-x64

1

$PLUGINSDI...API.js

windows7-x64

3

$PLUGINSDI...API.js

windows10-2004-x64

3

$PLUGINSDI...ams.js

windows7-x64

3

$PLUGINSDI...ams.js

windows10-2004-x64

3

$PLUGINSDI...PIE.js

windows7-x64

3

$PLUGINSDI...PIE.js

windows10-2004-x64

3

$PLUGINSDI...Bar.js

windows7-x64

3

$PLUGINSDI...Bar.js

windows10-2004-x64

3

$PLUGINSDI...ore.js

windows7-x64

3

$PLUGINSDI...ore.js

windows10-2004-x64

3

$PLUGINSDI...min.js

windows7-x64

3

$PLUGINSDI...min.js

windows10-2004-x64

3

$PLUGINSDI...on2.js

windows7-x64

3

$PLUGINSDI...on2.js

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    05/07/2024, 04:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/ProxyInstaller.exe

  • Size

    85KB

  • MD5

    4cf4271a1f2595b94e220d3f8fc1a5d9

  • SHA1

    1e78d6351aecce6a6c7984b4e69126e20445d2f5

  • SHA256

    6603d6ee8dd5fd5145bffd8a639a219b59b91ed93d100732e020da6245dddb52

  • SHA512

    8f032aa89ae8084dd89eb2945da62e83fe294098c3cc0f9e3bda0d5db093cb56d7384bc1290cbd4980183b39e00ef7e72be6ed1aad8476cb0ca7de0073373d8c

  • SSDEEP

    1536:4ErPZ3IBZcbTfu1HlrJFCPcbPncO3oLxO7sPBiJQRsCoH7hfJuiW:HPC23aJFC0bPnVY5BiJQyC276iW

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 19 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ProxyInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ProxyInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\DownloadACC.exe
      DownloadACC.exe "-localPath=" "-url=http://" "-regPath=Software\Conduit\DistributionEngine\Download\\"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso1843.tmp\DownloadACC.dll
    Filesize

    97KB

    MD5

    807114f67a584a8e4ba9117cf60d3c88

    SHA1

    7187ed05aeade46ce4023a50b6e4b6ece2f3e69d

    SHA256

    8068ea7fd96dee94bbb22e9282880b33fd08b31e96a580e6bd8c29c51ce8550f

    SHA512

    69c38913503729d9117f6618c754673f204b8b3e4f9d82ddc271f34b48f2d3fa26931aee366b3b5d71cbc7364b97769c4d502cbd21faa756f3d93940be730b7f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso1843.tmp\System.dll
    Filesize

    17KB

    MD5

    7faa4cede342ffaa00ee96491866baec

    SHA1

    f686373e0f4026600640895e91b11a4277269972

    SHA256

    28c00e1cb4147a0001a5e05daeac9bd738f63e106ba25d6bc5987c4ff1df97d7

    SHA512

    77c43c8cc4f32cbcd73bdd9d6cbcc4bbccedff7f62f461273ebe49a1f2c5a63d29e16e3c16c3a6d3949ec95dfcbd79be0fb98f3354281b02c6ef74e8eed69894

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst17C6.tmp\System.dll
    Filesize

    16KB

    MD5

    f6029b4a0501aae178d8c718e38ee2b9

    SHA1

    ae2e181a799e638357c641103997cb24065d4f25

    SHA256

    a0336b52ec99ec4355e1cdc5b3374a45af586a60dc036917e1daff05fa151086

    SHA512

    6648c2a1f9b312f351810e1e7dc69f33a7cbceb710de96d585527fda5fa1e86b00a38034414597ea75ce0a5052c1e2bcae265d01d4541f666a61a0ec0a79bff9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst17C6.tmp\inetc.dll
    Filesize

    28KB

    MD5

    2d949f5ca08919067c056f0a76c1c747

    SHA1

    fd1727b91b125b3e85d061cb1a06b45edf7f8701

    SHA256

    a4c6da1e7cb0691dba1cb6b47239ad5967a107e87221e402b853f64d798f2d94

    SHA512

    0b9a7f580e09541f9762ac755e056ee683612dec04801dfd2b9b03897765b3ab0d10e2be4b9636316c11cb8eba1cc60d1be60eaa90bbb0b9c1ee8994e01cdc2f

    Download Submit

  • memory/2728-33-0x0000000074420000-0x000000007445E000-memory.dmp

    Filesize

    248KB

    Download