ca1abc81fc5959cc16c193339e8923701785ed62af01619b461bab62db1ce125

Analysis

max time kernel
104s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

87KB
MD5

3d10b54a208a315b9a80f6246bd75c11
SHA1

941aefa2771bb16561910e14d0ddf6c01bcc2c0d
SHA256

348d1f84aadb6a5b26ecd4d6eb3239be6ccec1f992d50ba84f53d019d4fa6143
SHA512

7aa944c6b49319479a90bd8a1ba1e8f1ee35a65ee839f9631f2ca352bf035a5ae64e780933c51f9f70cb956970a4ec906746a8305f8799681daaf62417f39d5c
SSDEEP

1536:/spe3RDckBV0DdkJOHR83d0cpdXwyNLIAW35pSkeVS9XaxIdPa6:/a1DdkJoR85pdXnLIA8p3eVS9XT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2324	Au_.exe

Loads dropped DLL 6 IoCs

pid	Process
676	Uninstall.exe
2324	Au_.exe
2324	Au_.exe
2324	Au_.exe
2324	Au_.exe
2324	Au_.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral19/files/0x0005000000019575-7.dat	nsis_installer_1

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2324	Au_.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 2324	676	Uninstall.exe	29
PID 676 wrote to memory of 2324	676	Uninstall.exe	29
PID 676 wrote to memory of 2324	676	Uninstall.exe	29
PID 676 wrote to memory of 2324	676	Uninstall.exe	29
PID 676 wrote to memory of 2324	676	Uninstall.exe	29
PID 676 wrote to memory of 2324	676	Uninstall.exe	29
PID 676 wrote to memory of 2324	676	Uninstall.exe	29

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:676
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsjF23C.tmp\ioSpecial.ini

Filesize
610B

MD5
27002a79cdc2f62851b655f4a4cdcd28

SHA1
b46bcecc2eade4c27bb14d2ef30d26bdb05485bf

SHA256
c29c9a50761b88c7e434bfb0524bcc815ddcdee76eb7fd817b5e2b4cf6972f5b

SHA512
d67b364c68fe8fafeb21c069914921cd3eb96a509792a162bfd6845df94bb072fef5eed0ee04d8af845f75701a79a9691ae38aa7b6ad9651a6a5e4d8edededf1

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF23C.tmp\InstallOptions.dll

Filesize
12KB

MD5
3c19f79ce11facc2fc4d3351dbb263e0

SHA1
17f4bf4b18ea7700f70ac7d825dc997be0d25f71

SHA256
cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9

SHA512
05c9ac861e4fed610171fcb5fad40abc30cbf90e9c7cb13c758f52cdff568af0fdd6af968db4fb143a748c77f21c353c7cffea28cbcbd2ad17157038ab490273

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF23C.tmp\System.dll

Filesize
10KB

MD5
725145e8caa39635cab9899c47c72eda

SHA1
30478c907551bd920bf359638b091fc5c10b5a53

SHA256
1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb

SHA512
de31286ea10321f762a3b6e7c6c82177d5b6f45a82adc936fcbbc23105708cbbbec903ba94ba94e7723e80f1828393e5395ef575b37136b19de7535e74e24547

Download Submit
\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
87KB

MD5
3d10b54a208a315b9a80f6246bd75c11

SHA1
941aefa2771bb16561910e14d0ddf6c01bcc2c0d

SHA256
348d1f84aadb6a5b26ecd4d6eb3239be6ccec1f992d50ba84f53d019d4fa6143

SHA512
7aa944c6b49319479a90bd8a1ba1e8f1ee35a65ee839f9631f2ca352bf035a5ae64e780933c51f9f70cb956970a4ec906746a8305f8799681daaf62417f39d5c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads