Overview

overview

7

Static

static

3

mpxsglsetup.exe

windows7-x64

7

mpxsglsetup.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

API_COM.dll

windows7-x64

1

API_COM.dll

windows10-2004-x64

1

Mwic_32.dll

windows7-x64

1

Mwic_32.dll

windows10-2004-x64

1

RWic.dll

windows7-x64

1

RWic.dll

windows10-2004-x64

1

SWind.dll

windows7-x64

1

SWind.dll

windows10-2004-x64

1

client/index.html

windows7-x64

1

client/index.html

windows10-2004-x64

1

client/view/list.exe

windows7-x64

1

client/view/list.exe

windows10-2004-x64

1

convert/convert.exe

windows7-x64

1

convert/convert.exe

windows10-2004-x64

1

mpsoftup.exe

windows7-x64

1

mpsoftup.exe

windows10-2004-x64

7

mpweb.exe

windows7-x64

1

mpweb.exe

windows10-2004-x64

1

mpxsgl.exe

windows7-x64

4

mpxsgl.exe

windows10-2004-x64

4

readme.htm

windows7-x64

1

readme.htm

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 11:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mpxsglsetup.exe

  • Size

    5.0MB

  • MD5

    c2be6aeabb612893ce8d4231b357e61c

  • SHA1

    19d57211e144627f8ed7c3dc134f625db188547c

  • SHA256

    30a94f0245e7806b5be90ca8250851e8342d4921198c2ba91a136bfa18b1c8ec

  • SHA512

    51da636a1f0401a3e04187eff156934e43a0a50ccc7e5dbfc1f0f36fb349bcf80654d7665e028655d52e19b5b219414c06e7f0974ba130daa7c6923bb53cba60

  • SSDEEP

    98304:HQFuz6ZGQV5nYQBNcLD6N80kFqYVCl78H2JmDt3bpuFZUXDtt3eZBfw:rz6ZG6n3cLD63E/A62JqtrpUZ6Rt3Yw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mpxsglsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\mpxsglsetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst29B1.tmp\ioSpecial.ini
    Filesize

    736B

    MD5

    cd740de0acac80ef1266c7afd5649407

    SHA1

    5f587151428a055e8a09ab1792c26c516e31d311

    SHA256

    7edb3ba7814ace153b199223009016a1189acc52c6403d8c6dafff59c50e0b13

    SHA512

    d8c644645701c4bcaca60077906c9f5620d1c8516639bd7be514e16a5d7a74980610dd4d5c6f6820276e0623c3547a52c939836f1d1198ba58237618446197dd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst29B1.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    4c7d97d0786ff08b20d0e8315b5fc3cb

    SHA1

    bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

    SHA256

    75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

    SHA512

    f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst29B1.tmp\advsplash.dll
    Filesize

    5KB

    MD5

    ca60ae514320a0bfc4991c1fca3dc4ce

    SHA1

    c0d7db92c979d75233db185f18dee0c9518dd8ae

    SHA256

    08d2283396141ae8222c6959a0e1b4f75a75a3f2643b33d6d1c9b90d0669c606

    SHA512

    8e2d00909828b2f527bed1d2dae39e991142091cda8e80fb512ef2790fdd8146e6222dc1a98730af864b1437eab9f0e881e9adc3aad4e6c67f840dc3c4115a3b

    Download Submit