d8aa2091ba067de919107cbed8ecf8826429107aa1a2f2558b2f24d86f282391

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

148KB
MD5

ac1987eb85b44e639f0cad7c0720086e
SHA1

22f3c6708cebe5a2b9c393c0340ae338e2539fbd
SHA256

54f5304e6f4261bc953722f44fc79765962dd4c5013ecac4fe931f98376fa4b4
SHA512

e892b2e6288aedae67566e2b078e5fb712efb2e6b852a2e9a1af58bf0f5b6e717983c463592e99fbda36409370752c4b98070fe7036542c9a04f4ec09d3f951b
SSDEEP

3072:gk5+bFdkJYYschIykPtTIJLDaDKvheeLJsDcbUeEPEiKKVKuU8:V0FWJnaDKv5LCgEcKnH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2408	A~NSISu_.exe

Loads dropped DLL 2 IoCs

pid	Process
2408	A~NSISu_.exe
2408	A~NSISu_.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral22/files/0x000a0000000234aa-4.dat	nsis_installer_1

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2408	1740	Uninstall.exe	85
PID 1740 wrote to memory of 2408	1740	Uninstall.exe	85
PID 1740 wrote to memory of 2408	1740	Uninstall.exe	85

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe
  "C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe

Filesize
148KB

MD5
ac1987eb85b44e639f0cad7c0720086e

SHA1
22f3c6708cebe5a2b9c393c0340ae338e2539fbd

SHA256
54f5304e6f4261bc953722f44fc79765962dd4c5013ecac4fe931f98376fa4b4

SHA512
e892b2e6288aedae67566e2b078e5fb712efb2e6b852a2e9a1af58bf0f5b6e717983c463592e99fbda36409370752c4b98070fe7036542c9a04f4ec09d3f951b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyA896.tmp\InstallOptions.dll

Filesize
12KB

MD5
57db62366ef11fdc47922a02031f0492

SHA1
6d30db5285b653025f94e74b9b045870dc0aeb7a

SHA256
2338752092918db8e068d55bea61f8cdeb9be37b6e6d30a730d9703b169b08b4

SHA512
d0257e02370863e07feb9346b88d87a102089f0c48aea13e069e55a14f0f6db51fb3d5f41ed5d2f39e36b612f4b6194a6b7c059709808bfb23ded89d0b0a3db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyA896.tmp\UserInfo.dll

Filesize
4KB

MD5
593345196fcd1c553b0702cc026ccccd

SHA1
84446849c10e0c4d6683072f4c2eea5a085bac2f

SHA256
fb4a4bea088b8dbf2adda6fdeb50be4b96bf20ba62bd9ac64b68ea628166a28d

SHA512
b28da01bec7a34a493316606c7406c06d0b278f1318563874f037caf203c2ec261c3f5c2a1790c6c177537bbb0f4dd0b7be482976f7114f70be75b5e4b311306

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyA896.tmp\ioSpecial.ini

Filesize
655B

MD5
6bf28aa7ccf73e1da81c5981ccf02d01

SHA1
a43f86efe53a562e044ca65689500bac0bcec03e

SHA256
e44f75651de2976c3b5010eb6a4bf4cb18f9b001b84e9c83337d7ff1acacef64

SHA512
3d7d1661aa5ff0b132d92e328215ccec485410f79d15a20c42cd3f78f7ea565c32d8ceea621bf467a4e268368617784e417d845dcb2c600af80e58978b3a4ba6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads