Overview

overview

10

Static

static

7

ead791414b...d4.exe

windows7-x64

7

ead791414b...d4.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

114IE.exe

windows7-x64

10

114IE.exe

windows10-2004-x64

10

bin/114Web.exe

windows7-x64

1

bin/114Web.exe

windows10-2004-x64

1

bin/Addr.dll

windows7-x64

3

bin/Addr.dll

windows10-2004-x64

3

bin/CameraDll.dll

windows7-x64

1

bin/CameraDll.dll

windows10-2004-x64

1

bin/SnapShot.exe

windows7-x64

1

bin/SnapShot.exe

windows10-2004-x64

1

bin/TGHistory.dll

windows7-x64

1

bin/TGHistory.dll

windows10-2004-x64

1

bin/TGMail.dll

windows7-x64

1

bin/TGMail.dll

windows10-2004-x64

1

bin/TGNetWork.dll

windows7-x64

1

bin/TGNetWork.dll

windows10-2004-x64

3

bin/TGRes.dll

windows7-x64

1

bin/TGRes.dll

windows10-2004-x64

1

bin/shdoclc.dll

windows7-x64

1

bin/shdoclc.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14-07-2024 23:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ead791414bf8b9f1126e4d6b099ecf939f595d03d5d30c69dc05c637806ea0d4.exe

  • Size

    2.5MB

  • MD5

    4726474b31484684a60f8be1ecfa7986

  • SHA1

    5ad7989e8d5ecfcdba14bdb0135380ce19f709fd

  • SHA256

    ead791414bf8b9f1126e4d6b099ecf939f595d03d5d30c69dc05c637806ea0d4

  • SHA512

    15f13bfa0be287fd2d62561ce0c97594504b98d489a51c4db2b1fcdba233ac462a16b2e2edb7f144b50563b6e2d25e3f991314d6858d4038da01a9d6f8683922

  • SSDEEP

    49152:I9If342N0i9pbtiRQg0O5ItoeoHB25zJinnbi/DQfmOugHjwaKy:f4X2Bca/OCOhhkzMW/3OuxQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ead791414bf8b9f1126e4d6b099ecf939f595d03d5d30c69dc05c637806ea0d4.exe
    "C:\Users\Admin\AppData\Local\Temp\ead791414bf8b9f1126e4d6b099ecf939f595d03d5d30c69dc05c637806ea0d4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso7C34.tmp\ioSpecial.ini
    Filesize

    611B

    MD5

    d73f9582786695406df112ee7f7f5236

    SHA1

    78932e6f0b06dd981baadb47eba84e31ba6cab05

    SHA256

    2094e66a52e9e6ffc69a778a5e634e6295a5e0235c64341b8fbaafb4effe88cc

    SHA512

    bec48e48e0555d887aaf9ba4c86bb231126faa47ff017d3778137a23faf9c42528dcd0157a42ab0ce90872e7be1ea1365b237609d9bc35a8864019e540f13431

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso7C34.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    9a886711c559308c39c01c20e9d9a1e3

    SHA1

    0f27cf1cf6e4960e140651b68d72ed4b92c58e9e

    SHA256

    98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4

    SHA512

    4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3

    Download Submit