Overview

overview

7

Static

static

3

3cc9ddc779...18.exe

windows7-x64

7

3cc9ddc779...18.exe

windows10-2004-x64

7

"aminstall.dll

windows7-x64

1

"aminstall.dll

windows10-2004-x64

3

"ice_breaker.exe

windows7-x64

3

"ice_breaker.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

image_tool.dll

windows7-x64

1

image_tool.dll

windows10-2004-x64

1

prog.dll

windows7-x64

1

prog.dll

windows10-2004-x64

1

readme.html

windows7-x64

1

readme.html

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 09:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    66KB

  • MD5

    8529342769763f4dc43930459127696e

  • SHA1

    ffef92cd2c083642a52e94eaed09edf2b46d7653

  • SHA256

    ce3d137c9c5613976fec4cdc8d151cddeb2902c2ce27672528ec8923ad5950f7

  • SHA512

    b1694a7d5673bec89fc36f072bb5f9e9bba0828ff1eb25bfb6411f93857d0168685b11a54dda10ae91b9e0435696c989a5f95d375f5784e0e2ac9bba8b8f3095

  • SSDEEP

    1536:9te0DnjRrJav2FnUIRr2vMYBJvqAELVigvdvOjVUc+v/5Qmdm:9PD11a8YBJSAI0kvOxOm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • NSIS installer 1 IoCs
    installer
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe
      "C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2844

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nse868F.tmp\ioSpecial.ini
          Filesize

          592B

          MD5

          da1c1057392a6f0821fc7a101e637c0c

          SHA1

          3e5b0b02c2abad41f27a95574589ab4d386da586

          SHA256

          e36bf49f4a66e9a423e6e3527c48dd6a867b9a852586700e85c8d3d4b6974931

          SHA512

          93619bf837b057cda4098a97b653bb934ba39ed62314cabcb8dd9138da5a72cc68e03182224f2e7d2f0d4a4f436baf902856d02d811e9bfc49eafddef2e625dd

          Download Submit

        • \Users\Admin\AppData\Local\Temp\A~NSISu_.exe
          Filesize

          66KB

          MD5

          8529342769763f4dc43930459127696e

          SHA1

          ffef92cd2c083642a52e94eaed09edf2b46d7653

          SHA256

          ce3d137c9c5613976fec4cdc8d151cddeb2902c2ce27672528ec8923ad5950f7

          SHA512

          b1694a7d5673bec89fc36f072bb5f9e9bba0828ff1eb25bfb6411f93857d0168685b11a54dda10ae91b9e0435696c989a5f95d375f5784e0e2ac9bba8b8f3095

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nse868F.tmp\InstallOptions.dll
          Filesize

          12KB

          MD5

          4c7d97d0786ff08b20d0e8315b5fc3cb

          SHA1

          bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

          SHA256

          75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

          SHA512

          f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

          Download Submit