Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2024 22:05

General

  • Target

    Easyresume/Easyresume7_setup.exe

  • Size

    1.5MB

  • MD5

    fc19a32c5335f815b7ee3224a066c153

  • SHA1

    a1595c19dce62388d4ab8169bf81af72b86a27b1

  • SHA256

    98c8075699e8c5effa442dca058853be6eb2a23c4523226b7e652c77c18e8dac

  • SHA512

    4a8ff0d4e70fa1bd28e98d4c659dd3b3861c1de5dae2392cb06917b37994c755de3d00a97d92a4b4b7488100a7497e459ab94ba3ac0a23b2df70f0992e7e7fcb

  • SSDEEP

    24576:WapDRx0YVKRxuFkbrh4jxIRx6jN6eVVgtjJkuPhm4ng/aui9X/t4m2QtDw9bJliK:WaxR+DlHRs7vglCu+k9vO5QdYlf9xZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Easyresume\Easyresume7_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Easyresume\Easyresume7_setup.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2368

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy3F71.tmp\ioSpecial.ini

    Filesize

    607B

    MD5

    34aec8fb639836669f0961f2b2480eb3

    SHA1

    6bbadf2f504d93bfa553a6c9cb1b8d9e3f839ed4

    SHA256

    c9da2f685b5b380250a6b59be6c77bcd4c048a97a23d4b67072184c064594d5c

    SHA512

    a8548dfca358e6a2980313df4dcdf2b54761c96b40f51ff4da0f6cf407f69ba5613daa642fa05b32b4a735b3e249a4fea2f920c37ed263bee0392d8d106fdfab

  • \Users\Admin\AppData\Local\Temp\nsy3F71.tmp\InstallOptions.dll

    Filesize

    12KB

    MD5

    83304a78d2b6ea45ea8404f4cd78721f

    SHA1

    d5c5d19653c751c08579dd094bcc9fef1841af00

    SHA256

    92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

    SHA512

    94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e