44f8c6d910bdd64409df55d77d40a9bce75968b3179605c0bb7e8e68dcb1f0b7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

87KB
MD5

31fd88e81040ed9082e26c0f4a66451a
SHA1

ebb73c091e539a335392ac2037fb493913ce8724
SHA256

70c568196054f4a20c24b22f77c685fd89f164beed538e8f44eda99e3b054993
SHA512

cc4536d8011e7fc103fe7a4133f36aef210393eb3ad33baa66ab0c9a8fd6ae7678b12b7dd609dd518deb577b822b472c9222ba00011ef1f0ce83cc7a65e29769
SSDEEP

1536:aspe3RDckBV0DdkJOHR83d0cpdXwyNLIAW35pSkeVS9XaxIdPa6:aa1DdkJoR85pdXnLIA8p3eVS9XT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2352	Au_.exe

Loads dropped DLL 6 IoCs

pid	Process
2388	Uninstall.exe
2352	Au_.exe
2352	Au_.exe
2352	Au_.exe
2352	Au_.exe
2352	Au_.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral19/files/0x0005000000019236-2.dat	nsis_installer_1

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2352	Au_.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2352	2388	Uninstall.exe	30
PID 2388 wrote to memory of 2352	2388	Uninstall.exe	30
PID 2388 wrote to memory of 2352	2388	Uninstall.exe	30
PID 2388 wrote to memory of 2352	2388	Uninstall.exe	30
PID 2388 wrote to memory of 2352	2388	Uninstall.exe	30
PID 2388 wrote to memory of 2352	2388	Uninstall.exe	30
PID 2388 wrote to memory of 2352	2388	Uninstall.exe	30

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstB06C.tmp\ioSpecial.ini

Filesize
610B

MD5
5b5880ef1be463e4f34deacd66c2e5d8

SHA1
f5d963460fea074d1c22c703c92365896fbb3d96

SHA256
95c24097b18bf73d23786009063bcdfdb1914d386b71e2746c9aa3f7dcb65d61

SHA512
9495f4038478d46bd58475c26fc259e29a1cf0907178d1c90cab3a47cfb4f307dd7ea36b8d285dba9b2c1d6ed42d40c61fed04c927e86892f8f58ac3f07a12ac

Download Submit
\Users\Admin\AppData\Local\Temp\nstB06C.tmp\InstallOptions.dll

Filesize
12KB

MD5
3c19f79ce11facc2fc4d3351dbb263e0

SHA1
17f4bf4b18ea7700f70ac7d825dc997be0d25f71

SHA256
cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9

SHA512
05c9ac861e4fed610171fcb5fad40abc30cbf90e9c7cb13c758f52cdff568af0fdd6af968db4fb143a748c77f21c353c7cffea28cbcbd2ad17157038ab490273

Download Submit
\Users\Admin\AppData\Local\Temp\nstB06C.tmp\System.dll

Filesize
10KB

MD5
725145e8caa39635cab9899c47c72eda

SHA1
30478c907551bd920bf359638b091fc5c10b5a53

SHA256
1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb

SHA512
de31286ea10321f762a3b6e7c6c82177d5b6f45a82adc936fcbbc23105708cbbbec903ba94ba94e7723e80f1828393e5395ef575b37136b19de7535e74e24547

Download Submit
\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
87KB

MD5
31fd88e81040ed9082e26c0f4a66451a

SHA1
ebb73c091e539a335392ac2037fb493913ce8724

SHA256
70c568196054f4a20c24b22f77c685fd89f164beed538e8f44eda99e3b054993

SHA512
cc4536d8011e7fc103fe7a4133f36aef210393eb3ad33baa66ab0c9a8fd6ae7678b12b7dd609dd518deb577b822b472c9222ba00011ef1f0ce83cc7a65e29769

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads