Overview

overview

7

Static

static

3

34ff09035e...18.exe

windows7-x64

3

34ff09035e...18.exe

windows10-2004-x64

3

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/KWMU...te.exe

windows7-x64

7

$TEMP/KWMU...te.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/soba...wo.exe

windows7-x64

7

$TEMP/soba...wo.exe

windows10-2004-x64

1

$PROGRAM_F...er.exe

windows7-x64

1

$PROGRAM_F...er.exe

windows10-2004-x64

1

$PROGRAM_F...ar.dll

windows7-x64

7

$PROGRAM_F...ar.dll

windows10-2004-x64

7

$PROGRAM_F...rX.dll

windows7-x64

7

$PROGRAM_F...rX.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/KWMUSIC/DownloadUpdate.exe

  • Size

    128KB

  • MD5

    af7aa1d51bf97c249aca404eda269e8a

  • SHA1

    2284331a6e41906baf23e60016555d55952506cc

  • SHA256

    2b0230edd09e775590fb8b7597ad1eee692ccda704a575bfd50433099f7b55c9

  • SHA512

    498c402e81e7eaf2f217d5a8a0a580f4a2d45edcab65a06c8011ca8682a80388a23fe3c1ffcebdfbb6f9221096e68ce7b1ab6bb675a6b57df01618ea1de2fce0

  • SSDEEP

    3072:+ZGlFw7fonu4sPJBWU4jlod8BiqHprM1ZZtDDkbimVmj:yWwMnudZfX2sj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\KWMUSIC\DownloadUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\KWMUSIC\DownloadUpdate.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsxB373.tmp\KuWoNsis_new.dll
    Filesize

    128KB

    MD5

    9bb7eeaf65c2a6367956374c6105bea7

    SHA1

    530b83c65939abcec7b1ed17ee13d8e169ad9e34

    SHA256

    5ac5cd24d0dc531ca1113c62209575e25f6dbb3c3734e8cc1f7c5237a3c94b52

    SHA512

    b3221cc2f3217482e0de772c496a1adcd7966a81f670b8400d4bde5fb69026fa76e5f71793070ce1143c81d44eddc83fffaa00ba5ea27c3d5aa854e6de476d06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsxB373.tmp\inetc.dll
    Filesize

    18KB

    MD5

    94a8ace2be90a687c1b1729c32c66e50

    SHA1

    94cff89cc170c00b1f849460f78cb12ab8730538

    SHA256

    1a6c160fd844dea35195371476119f91eab302d701b0f6f1c3fe87ad92cc93df

    SHA512

    ba23dfa7a29450451ac3f6ef6bf9e89352e1d17f7a2b7c7e5a87839becd6676542d2189d443322b3cad08b1bcac8851eebf9964fa37190e551f0bd717dcc5deb

    Download Submit