Overview

overview

7

Static

static

7

wdfwsetup-v4.8.exe

windows7-x64

7

wdfwsetup-v4.8.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ll.vbs

windows7-x64

1

$PLUGINSDI...ll.vbs

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...cl.exe

windows7-x64

1

$PLUGINSDI...cl.exe

windows10-2004-x64

1

$PLUGINSDIR/vd.vbs

windows7-x64

1

$PLUGINSDIR/vd.vbs

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ll.vbs

windows7-x64

1

$PLUGINSDI...ll.vbs

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDIR/vd.vbs

windows7-x64

1

$PLUGINSDIR/vd.vbs

windows10-2004-x64

1

web/about.asp

windows7-x64

3

web/about.asp

windows10-2004-x64

3

web/anticc.vbs

windows7-x64

1

web/anticc.vbs

windows10-2004-x64

1

web/apply.vbs

windows7-x64

1

web/apply.vbs

windows10-2004-x64

1

web/bottom.html

windows7-x64

1

web/bottom.html

windows10-2004-x64

1

web/config.vbs

windows7-x64

1

web/config.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wdfwsetup-v4.8.exe

  • Size

    719KB

  • MD5

    15dd6511323c09db9cbbac2fee6c7c64

  • SHA1

    b530543cd68f7ade2a4ac7452e81244fd2cf7c18

  • SHA256

    9937989c6eeba36766ae18b1a6edea2bb9e9b7739ea4a3cfc0febfbd42669968

  • SHA512

    5a959d62ed3c178c612f77d79200917551e5684de55f339b6d026c9c6ec1143db58dbc276c113954fcfa7119ab3564e7282340cbb554a34a45ca6337cc8da447

  • SSDEEP

    12288:9GWju2nn4K9Wzg6w1eQQVktYjUnt4g7v4zdy4G58crRW2ppAo1iOT1Tfv2xd1zT:9Hj7n4A/es/4Rzdy/PRPppB3jAd1zT

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\wdfwsetup-v4.8.exe
    "C:\Users\Admin\AppData\Local\Temp\wdfwsetup-v4.8.exe"
    1⤵
    • Loads dropped DLL
    PID:3796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nscB121.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    9a886711c559308c39c01c20e9d9a1e3

    SHA1

    0f27cf1cf6e4960e140651b68d72ed4b92c58e9e

    SHA256

    98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4

    SHA512

    4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nscB121.tmp\ioSpecial.ini
    Filesize

    653B

    MD5

    26ae845d1b6377c440685c1c9ceedf95

    SHA1

    43e208be02e1bc409ee177c283caaae5d494e6c5

    SHA256

    71d237bef1f638d26b8a20493ebe09a3d220a602bc99265951bf8b8123506b03

    SHA512

    0a259e39125f93a26164f5a1ed374aa0f002128f3c12cf78cbc49a58dbd8fcc11633c1dff2ae9092ee7a68deff3eb07cc5e00a6711f7c5404490588130526031

    Download Submit