Overview

Score  Task / Sample            Platform
-      overview                 -
4      static                   -
3      SteamSetup.exe           windows7-x64
4      $PLUGINSDI...ls.dll      windows7-x64
3      $PLUGINSDI...em.dll      windows7-x64
3      $PLUGINSDI...gs.dll      windows7-x64
3      $PLUGINSDI...ec.dll      windows7-x64
3      $PLUGINSDI...ss.dll      windows7-x64
3      Steam.exe                windows7-x64
4      bin/SteamService.exe     windows7-x64
1      uninstall.exe            windows7-x64
4      $PLUGINSDI...LL.dll      windows7-x64
3      $PLUGINSDI...nk.dll      windows7-x64
3      $PLUGINSDI...ec.dll      windows7-x64
Analysis

- max time kernel: 119s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 07-07-2024 18:22
Static task: static1

Behavioral tasks

Task          Sample                       Resource
behavioral1   SteamSetup.exe               win7-20240705-en
behavioral2   $PLUGINSDIR/StdUtils.dll     win7-20240705-en
behavioral3   $PLUGINSDIR/System.dll       win7-20240704-en
behavioral4   $PLUGINSDIR/nsDialogs.dll    win7-20240704-en
behavioral5   $PLUGINSDIR/nsExec.dll       win7-20240220-en
behavioral6   $PLUGINSDIR/nsProcess.dll    win7-20240704-en
behavioral7   Steam.exe                    win7-20240705-en
behavioral8   bin/SteamService.exe         win7-20240704-en
behavioral9   uninstall.exe                win7-20240704-en
behavioral10  $PLUGINSDIR/LangDLL.dll      win7-20240704-en
behavioral11  $PLUGINSDIR/ShellLink.dll    win7-20240705-en
behavioral12  $PLUGINSDIR/nsExec.dll       win7-20240221-en
General

- Target: uninstall.exe
- Size: 139KB
- MD5: 4f009883567dfa9e908c5ffa25a2fa0a
- SHA1: 5848783144c5a04fd4fff71651e3195444156b03
- SHA256: d0b0305b42c35716482a6aa08c8257c19aad225e3ffd9ab1f0de411d8b9e592e
- SHA512: 015e03849ccb6f646538ebb5a1f75bd973258564a4d2664f51da11e88316e9a3d2863de131f105daf2173a5c494e6c6bcc621c6952144ed4bf4bd2bbdec5ef6d
- SSDEEP: 3072:cAe+3aJpgWXTBuA/JFONMVRO9qyVK+J5n/79:/B+pgUXJFOSVAqyVK+J5nj9
Malware Config
Signatures

- Executes dropped EXE (1 IoC)
  PID   Process
  3036  Un_A.exe

- Loads dropped DLL (2 IoCs)
  PID   Process
  1988  uninstall.exe
  3036  Un_A.exe

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID   Process
  3036  Un_A.exe

- Suspicious use of WriteProcessMemory (4 IoCs)
  Description                        PID   Process        procid_target
  PID 1988 wrote to memory of 3036   1988  uninstall.exe  31
  PID 1988 wrote to memory of 3036   1988  uninstall.exe  31
  PID 1988 wrote to memory of 3036   1988  uninstall.exe  31
  PID 1988 wrote to memory of 3036   1988  uninstall.exe  31
  All four writes go from the parent (1988) into the child it has just created (3036). On Windows, CreateProcess itself writes into the new process while setting it up, so this signature fires for most process launches; by itself it is not evidence of code injection.
Processes

- C:\Users\Admin\AppData\Local\Temp\uninstall.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\uninstall.exe"
  PID: 1988
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory

  - C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe (child of PID 1988)
    Command line: "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
    PID: 3036
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam

The child is the uninstaller's own copy: an NSIS-generated uninstaller copies itself to a ~nsu<X>.tmp directory under %TEMP% and relaunches that copy with _?=<directory of the original>, so that the original uninstall.exe can be deleted while the copy runs. That is what produces the "Executes dropped EXE" and "Loads dropped DLL" hits here.
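The following triage helper is an added example and is not part of the sandbox report, of NSIS or of Steam. It encodes the NSIS self-relaunch pattern visible in the process tree above as a check: the child image must sit at ~nsu<X>.tmp\Un_<X>.exe and its _?= argument must name the directory of the parent image. The record layout (dicts with pid, ppid and cmdline), the sample records (constructed from the tree above) and the naming regex are assumptions of this example; adapt the input side to whatever your sandbox exports.

```python
r"""Triage the process tree of an NSIS uninstaller run.

Added example, not code from the sandbox report, NSIS or Steam. It checks
one heuristic: an NSIS uninstaller copies itself to %TEMP%\~nsu<X>.tmp\Un_<X>.exe
and relaunches that copy with _?=<directory of the original>. The record
format (pid / ppid / cmdline dicts) is an assumption made for this example.
"""
import ntpath
import re
from collections import Counter

# Assumption: one or more alphanumerics after "~nsu" and "Un_"; the report
# above shows a single letter ("A") in both places.
NSIS_COPY_RE = re.compile(r"[\\/]~nsu\w+\.tmp[\\/]Un_\w+\.exe$", re.IGNORECASE)


def parse_cmdline(cmdline):
    """Split a Windows command line into (image, [args]).

    Handles the quoted-image form used in the report. It is not a full
    CommandLineToArgvW replacement: the remaining arguments are split on
    whitespace only.
    """
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.index('"', 1)
        image, rest = cmdline[1:end], cmdline[end + 1:]
    else:
        image, _, rest = cmdline.partition(" ")
    return image, rest.split()


def _norm_dir(path):
    # Compare directories case-insensitively, ignoring a trailing separator.
    return ntpath.normcase(path.rstrip("\\/"))


def classify_child(parent, child):
    """Return a finding for one parent -> child spawn."""
    child_image, child_args = parse_cmdline(child["cmdline"])
    parent_image, _ = parse_cmdline(parent["cmdline"])
    instdir = next((a[len("_?="):] for a in child_args if a.startswith("_?=")), None)

    looks_like_copy = bool(NSIS_COPY_RE.search(child_image))
    instdir_is_parent_dir = (
        instdir is not None
        and _norm_dir(instdir) == _norm_dir(ntpath.dirname(parent_image))
    )
    return {
        "parent_pid": parent["pid"],
        "child_pid": child["pid"],
        "child_image": child_image,
        "instdir_arg": instdir,
        "nsis_self_relaunch": looks_like_copy and instdir_is_parent_dir,
    }


def triage(processes, wpm_events):
    """Classify every parent/child pair and attach WriteProcessMemory counts.

    wpm_events: list of (writer_pid, target_pid). A parent writing into a
    child it has just created is produced by CreateProcess itself on Windows,
    so the count is reported for context rather than scored.
    """
    by_pid = {p["pid"]: p for p in processes}
    writes = Counter(wpm_events)
    findings = []
    for proc in processes:
        parent = by_pid.get(proc.get("ppid"))
        if parent is None:
            continue
        finding = classify_child(parent, proc)
        finding["parent_to_child_writes"] = writes[(parent["pid"], proc["pid"])]
        findings.append(finding)
    return findings


# Constructed from the process tree in the report above.
REPORT_PROCESSES = [
    {"pid": 1988, "ppid": None,
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"'},
    {"pid": 3036, "ppid": 1988,
     # the original argument ends in a backslash, which a raw string cannot
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" '
                r'_?=C:\Users\Admin\AppData\Local\Temp' + "\\"},
]
# The report lists "PID 1988 wrote to memory of 3036" four times.
REPORT_WPM = [(1988, 3036)] * 4

if __name__ == "__main__":
    for finding in triage(REPORT_PROCESSES, REPORT_WPM):
        print(finding)
```

A positive match only says the spawn looks like the NSIS self-relaunch; it does not say the binary is the genuine Steam uninstaller. Pair it with the hash comparison against the known-good file before treating the run as benign.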
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 5KB
  MD5: 0c44f21d4afc81cc99fac7cc35e4503a
  SHA1: 3d0d5c684df99a46510c0e2c0020163a9d11c08d
  SHA256: 8dc2be6679497994e3ddc97bc7bc1ce2b3c17ef3528b03ded6696ef198a11d10
  SHA512: 4e4bd35d6aa21cecbfe7a93a2ee7db8ee78ca710a4193dfe240d1067afbe10f61db332c1c85f6cc3ba404d895a959742401b615ef8ff5bd9028254c4a43a0923

- Filesize: 139KB
  MD5: 4f009883567dfa9e908c5ffa25a2fa0a
  SHA1: 5848783144c5a04fd4fff71651e3195444156b03
  SHA256: d0b0305b42c35716482a6aa08c8257c19aad225e3ffd9ab1f0de411d8b9e592e
  SHA512: 015e03849ccb6f646538ebb5a1f75bd973258564a4d2664f51da11e88316e9a3d2863de131f105daf2173a5c494e6c6bcc621c6952144ed4bf4bd2bbdec5ef6d
  These hashes are identical to those of the analysed target uninstall.exe in the General section, so this entry is the sample itself rather than a second file.