Analysis

  • max time kernel: 136s
  • max time network: 127s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240704-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 23-07-2024 22:05

General

  • Target: update.exe
  • Size: 110KB
  • MD5: 4d2e37c34c4878d6ba1ef93bd5fdb58e
  • SHA1: 42688aa7f0ad818caf75b6bf5e8ae52383099246
  • SHA256: 366ad5a7e5bf2249b020545bfc30e4b906dac445ed91c2515098387001aa4eaf
  • SHA512: 5807da77831b6aba0f4df8d7875b2405084ffe9cbb91626c581970a6421c82d816ddc793c5c252865ae1c2ed0336951ec70ed2dde005fb3b524fef5126901bb5
  • SSDEEP: 1536:vmcbpjuT6fcHWn74JkKBWgE6noFsCbeqRufVdsasDY1C/EjBgMDjYoGP972:vt1uVHW8aKz0aC6+KdTY3972

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\update.exe
    "C:\Users\Admin\AppData\Local\Temp\update.exe"
    PID: 3632
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ci0-temp\update.bmp
    Filesize: 20KB
    MD5: 694190a6def8cde7cb38266341a2ac78
    SHA1: f02c73cb74ba67babfad55223c3160144adf6bc0
    SHA256: d58ebfb62426f59216094c2c5972f9554d6aed91fdc2e2df081e19329c5f8490
    SHA512: 9aa2e3a22a160fc233cd20e7f3f4eb2793fd2e038d5ceeda7213d9ca4b2321e2ccaff395203d76625063e3034e9afe655b577dd9b6423d3a75efe61f3525ec75

  • C:\Users\Admin\AppData\Local\Temp\gert0.dll
    Filesize: 88KB
    MD5: 33976355fddbceb0fbe54887ee4d1596
    SHA1: 914c49a8a58605186d7dabeb3a67b88578c84c14
    SHA256: 51baaf313b57462eaa38aaf69aea6e8dbbc20f3714343817266e7f35bc2235fb
    SHA512: be34e4042074da841cfbdbe3a379489b7a968f69a2bb372ce5925e0328d259af2fc0d29d02a787b8d4cfe70158bfc018bf7f6da35c26e670aea847efe3cb8389