Overview

overview

8

Static

static

3

4ae6aa1589...18.exe

windows7-x64

7

4ae6aa1589...18.exe

windows10-2004-x64

7

$PLUGINSDI...gy.exe

windows7-x64

7

$PLUGINSDI...gy.exe

windows10-2004-x64

8

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...86.exe

windows7-x64

7

$PLUGINSDI...86.exe

windows10-2004-x64

7

Icons/proto_AIM.dll

windows7-x64

1

Icons/proto_AIM.dll

windows10-2004-x64

1

Icons/proto_ICQ.dll

windows7-x64

1

Icons/proto_ICQ.dll

windows10-2004-x64

1

Icons/proto_IRC.dll

windows7-x64

1

Icons/proto_IRC.dll

windows10-2004-x64

1

Icons/proto_MSN.dll

windows7-x64

1

Icons/proto_MSN.dll

windows10-2004-x64

1

Icons/proto_YAHOO.dll

windows7-x64

1

Icons/proto_YAHOO.dll

windows10-2004-x64

1

One Instan...er.exe

windows7-x64

1

One Instan...er.exe

windows10-2004-x64

1

dbtool.exe

windows7-x64

1

dbtool.exe

windows10-2004-x64

1

plugins/GG.dll

windows7-x64

3

plugins/GG.dll

windows10-2004-x64

3

plugins/IRC.dll

windows7-x64

3

plugins/IRC.dll

windows10-2004-x64

3

plugins/Yahoo.dll

windows7-x64

3

plugins/Yahoo.dll

windows10-2004-x64

3

plugins/advaimg.dll

windows7-x64

1

plugins/advaimg.dll

windows10-2004-x64

1

plugins/aim.dll

windows7-x64

3

plugins/aim.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 18:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/Download_Energy.exe

  • Size

    5.0MB

  • MD5

    dd06d5bd99414adff053f29bd65abc49

  • SHA1

    42827374cbaf21d4c58ed23644d38ade04916a61

  • SHA256

    086c59c0cf90d477fb338e6af61647d02b169174c5e6aa0c3a5c9a29a19b74b9

  • SHA512

    ef35ec985d997f9acf88223a00a41987e041054942ff823d52054eb7ece4556daef4eeee5d4590f23ca3236057009aca501794ac3d8d7d3359059fc8331b94ea

  • SSDEEP

    98304:6wzOEtUIZUWlakoJOYm38KPKUU3lTzkOKVmhCtD8/WYJ7Kk:5/UIZvaZJW8K0Tz1KECtUWs

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Download_Energy.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Download_Energy.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Users\Admin\AppData\Local\Temp\GLBC3CC.tmp
      C:\Users\Admin\AppData\Local\Temp\GLBC3CC.tmp 4736 C:\Users\Admin\AppData\Local\Temp\$PLUGI~1\DOWNLO~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • NTFS ADS
      PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\GLBC3CC.tmp
    Filesize

    70KB

    MD5

    ec2a767238b46a96b4633d795a893272

    SHA1

    11e5809cda56b0d900a37cd6271afe91102a660e

    SHA256

    62706eb6fcb52d3b9162118e10cdf775d94961bbef26f965b4fd6af74cef9fea

    SHA512

    6290dbddb4533b726fd6b12dbf0efb191a62eb052742bd724cbe52ab128ac0d12555c246117554c5d1701446123ffad7afdd4cf70ed5846fd9d17e5f40bc94b6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\GLCC41A.tmp
    Filesize

    161KB

    MD5

    8c97d8bb1470c6498e47b12c5a03ce39

    SHA1

    15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

    SHA256

    a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

    SHA512

    7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\GLKC42A.tmp
    Filesize

    33KB

    MD5

    517419cae37f6c78c80f9b7d0fbb8661

    SHA1

    a9e419f3d9ef589522556e0920c84fe37a548873

    SHA256

    bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11

    SHA512

    5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40

    Download Submit