Overview

overview

8

Static

static

3

49274bd66a...0a.exe

windows7-x64

8

49274bd66a...0a.exe

windows10-2004-x64

8

$PLUGINSDI...ge.dll

windows7-x64

1

$PLUGINSDI...ge.dll

windows10-2004-x64

1

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/07/2024, 16:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a.exe

  • Size

    473KB

  • MD5

    33bc360990c66beea144ae48d17504a6

  • SHA1

    7dfb4c70ef7d73c8618ce8799d414ba3c3fe9684

  • SHA256

    49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a

  • SHA512

    a83b83ff3c462d39351553372055e0c16d98c8cfe3083c6958b631861575901cf68925d6a7dadab68f3c78deb59bab7d3d7541946f6e6b69073a5007fd3af1dd

  • SSDEEP

    12288:TKYi/Le1bRNn/XoeBKk3nM40FC8/1YnrfY2:OFDe111/XlBLv0FCOcrfY2

Score
8/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell and hide display window.

    execution
  • Loads dropped DLL 4 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a.exe
    "C:\Users\Admin\AppData\Local\Temp\49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -windowstyle hidden "$Superintendency=Get-Content 'C:\Users\Admin\AppData\Local\Temp\Servicebureauet\aloe\Reshipment.Bag';$Fjernskrivendes=$Superintendency.SubString(1030,3);.$Fjernskrivendes($Superintendency)"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1192
      • C:\Users\Admin\AppData\Local\Temp\Slringsnettets.exe
        "C:\Users\Admin\AppData\Local\Temp\Slringsnettets.exe"
        3⤵
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        PID:4164

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Servicebureauet\aloe\Reshipment.Bag
          Filesize

          66KB

          MD5

          a4b2bd7f121cc14e7aab05a8ffbb5baf

          SHA1

          722dab40a35645c7b1509fef35892c9b181e1ee6

          SHA256

          1cca145232a34bca0954995d0807c3ebe65c397b9b389eded731f4f0b070ae55

          SHA512

          0f066e1b87bddd3034eade969db37837c1fa104be0c3a5f8aa7c3a91e975ba8cdbfdf1f376aecb5f40531b4505ed625f3c5f9e12ec5943fe5eb36d3877fab7c2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Servicebureauet\aloe\Vehftes.Red
          Filesize

          340KB

          MD5

          b6edc4ee879f912d3aba560ce2a3ba8d

          SHA1

          fc51052392372b65f5abf375d805f89fdbeda043

          SHA256

          2d070f42aaccd649f2182e50af8cc227a910e9fe0849080a395edfc86f1267a3

          SHA512

          a1c6cae8ee4457d8a9d9430efdb6730e35c8b961a1a9f50992f7069843abb42963a66e639bea9d6c1496bf8797c4475c6cb938579dbdd40c296263aeaed35eb1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Slringsnettets.exe
          Filesize

          473KB

          MD5

          33bc360990c66beea144ae48d17504a6

          SHA1

          7dfb4c70ef7d73c8618ce8799d414ba3c3fe9684

          SHA256

          49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a

          SHA512

          a83b83ff3c462d39351553372055e0c16d98c8cfe3083c6958b631861575901cf68925d6a7dadab68f3c78deb59bab7d3d7541946f6e6b69073a5007fd3af1dd

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bldjr5da.dcr.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsj8FBE.tmp\BgImage.dll
          Filesize

          7KB

          MD5

          350a507070ed063ac6a511aeef67861a

          SHA1

          cf647b90a1212e090f1d236d1b50a5010cbf3bae

          SHA256

          5c66abd3f06eaa357ed9663224c927cf7120dca010572103faa88832bb31c5ab

          SHA512

          cde5747cc8539625e4262afad9699ce4e8325133d7ed7f47b9d46989a7aa0d2cc2488441acc57368f485ef1dd3e02b9ef2faa642f68e9f1db53a39e0f896d468

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsj8FBE.tmp\nsDialogs.dll
          Filesize

          9KB

          MD5

          13b6a88cf284d0f45619e76191e2b995

          SHA1

          09ebb0eb4b1dca73d354368414906fc5ad667e06

          SHA256

          cb958e21c3935ef7697a2f14d64cae0f9264c91a92d2deeb821ba58852dac911

          SHA512

          2aeeae709d759e34592d8a06c90e58aa747e14d54be95fb133994fdcebb1bdc8bc5d82782d0c8c3cdfd35c7bea5d7105379d3c3a25377a8c958c7b2555b1209e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsj8FBE.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          b648c78981c02c434d6a04d4422a6198

          SHA1

          74d99eed1eae76c7f43454c01cdb7030e5772fc2

          SHA256

          3e3d516d4f28948a474704d5dc9907dbe39e3b3f98e7299f536337278c59c5c9

          SHA512

          219c88c0ef9fd6e3be34c56d8458443e695badd27861d74c486143306a94b8318e6593bf4da81421e88e4539b238557dd4fe1f5bedf3ecec59727917099e90d2

          Download Submit

        • C:\Users\Admin\Desktop\Flyverdragter.lnk
          Filesize

          1KB

          MD5

          fcc1264f70ec247c93887aa2e93685cc

          SHA1

          b807d0b8add4dda1e2638bdae5ed4d58ed0cfdb4

          SHA256

          6f1fa1adeb68fe6204735b4f9c52da5e24bd9b2e082fc40124ca64d9bb93f7df

          SHA512

          66c889b311e7a318b3d4919637dfca187316c40d429f6fffcc85380d69671d4ecf4215a1ec55e34021d7af247c42cc09d8d5389dccc6f1962d69eb05629c2dba

          Download Submit

        • memory/1192-202-0x0000000006B00000-0x0000000006B22000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1192-208-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-186-0x0000000005EE0000-0x0000000005F46000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1192-185-0x0000000005E40000-0x0000000005E62000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1192-184-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-193-0x0000000005FC0000-0x0000000006314000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1192-198-0x00000000065A0000-0x00000000065BE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/1192-199-0x0000000006640000-0x000000000668C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1192-200-0x0000000007560000-0x00000000075F6000-memory.dmp

          Filesize

          600KB

          Download

        • memory/1192-201-0x0000000006AB0000-0x0000000006ACA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1192-182-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-203-0x0000000007BB0000-0x0000000008154000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1192-183-0x0000000005710000-0x0000000005D38000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/1192-205-0x00000000087E0000-0x0000000008E5A000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/1192-207-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-187-0x0000000005F50000-0x0000000005FB6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1192-209-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-181-0x0000000002FD0000-0x0000000003006000-memory.dmp

          Filesize

          216KB

          Download

        • memory/1192-211-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-213-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-212-0x0000000008E60000-0x000000000A7A1000-memory.dmp

          Filesize

          25.3MB

          Download

        • memory/1192-214-0x00000000737FE000-0x00000000737FF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-180-0x00000000737FE000-0x00000000737FF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-241-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-230-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-232-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-234-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1192-236-0x00000000737F0000-0x0000000073FA0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4164-233-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download

        • memory/4164-217-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download