Overview

overview

7

Static

static

7

Easyresume...up.exe

windows7-x64

7

Easyresume...up.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Resume.exe

windows7-x64

3

Resume.exe

windows10-2004-x64

3

help.chm

windows7-x64

1

help.chm

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

update.exe

windows7-x64

7

update.exe

windows10-2004-x64

7

Easyresume...��.url

windows7-x64

1

Easyresume...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-07-2024 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Easyresume/Easyresume7_setup.exe

  • Size

    1.5MB

  • MD5

    fc19a32c5335f815b7ee3224a066c153

  • SHA1

    a1595c19dce62388d4ab8169bf81af72b86a27b1

  • SHA256

    98c8075699e8c5effa442dca058853be6eb2a23c4523226b7e652c77c18e8dac

  • SHA512

    4a8ff0d4e70fa1bd28e98d4c659dd3b3861c1de5dae2392cb06917b37994c755de3d00a97d92a4b4b7488100a7497e459ab94ba3ac0a23b2df70f0992e7e7fcb

  • SSDEEP

    24576:WapDRx0YVKRxuFkbrh4jxIRx6jN6eVVgtjJkuPhm4ng/aui9X/t4m2QtDw9bJliK:WaxR+DlHRs7vglCu+k9vO5QdYlf9xZ

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\Easyresume\Easyresume7_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Easyresume\Easyresume7_setup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsq7B5B.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    83304a78d2b6ea45ea8404f4cd78721f

    SHA1

    d5c5d19653c751c08579dd094bcc9fef1841af00

    SHA256

    92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

    SHA512

    94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsq7B5B.tmp\ioSpecial.ini
    Filesize

    646B

    MD5

    1b5f3a1b43f2ea6561d9e68c3366b4bd

    SHA1

    b159d1e8a582360cdf56fc6d959dc5d5de0e5f07

    SHA256

    99ef44af35783bec11aede5ac96d43da027df3ceededa331cd6f555ad2e69e82

    SHA512

    89c784687c5a830f980db6aae41573e6cd6fb9fa0f5e3b40bed95666bb76ce847580dab20538d66624409ac97c3ebb66d0dbe6be739123ab356b7c9670f3cbbc

    Download Submit