Overview

overview

7

Static

static

7

HotelMIS_special.exe

windows7-x64

7

HotelMIS_special.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

ConfigServer.exe

windows7-x64

1

ConfigServer.exe

windows10-2004-x64

1

GuiTk115.dll

windows7-x64

3

GuiTk115.dll

windows10-2004-x64

3

MFC71.dll

windows7-x64

1

MFC71.dll

windows10-2004-x64

1

help.doc

windows7-x64

4

help.doc

windows10-2004-x64

1

hotelMIS.exe

windows7-x64

1

hotelMIS.exe

windows10-2004-x64

1

libmySQL.dll

windows7-x64

3

libmySQL.dll

windows10-2004-x64

3

license.rtf

windows7-x64

4

license.rtf

windows10-2004-x64

1

msvcp71.dll

windows7-x64

3

msvcp71.dll

windows10-2004-x64

3

msvcr71.dll

windows7-x64

3

msvcr71.dll

windows10-2004-x64

3

mysqld.exe

windows7-x64

1

mysqld.exe

windows10-2004-x64

1

share/char...s.html

ubuntu-18.04-amd64

1

share/char...s.html

debian-9-armhf

1

share/char...s.html

debian-9-mips

1

share/char...s.html

debian-9-mipsel

1

tmpl/ReportDay.xls

windows7-x64

1

tmpl/ReportDay.xls

windows10-2004-x64

1

tmpl/ReportSsy.xls

windows7-x64

1

tmpl/ReportSsy.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HotelMIS_special.exe

  • Size

    4.4MB

  • MD5

    28c496e7858fe08d033471188758ae05

  • SHA1

    f9e2b499793571e63eeeda42fec5f35c29ac4d8e

  • SHA256

    6a6205ae89cf59a35824fe19cf0b43f040bcf17aa38cbea4667483eda5371f88

  • SHA512

    fa04faa33dedadd87846e907ae31f9b80d1fefd843373a9d1dce74ff33a1e9fb32c58f918dabfc718e80e5917122eed639a11971bb32e82fc81fae7871920c64

  • SSDEEP

    98304:Au7/6DqskEQHVuiI6u01OwmjeDc470I7iL4rSkzF7HBVroZSfvfmMluFIcQE/SiG:z/6mRNVuiubKDICSk9/tjlR3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HotelMIS_special.exe
    "C:\Users\Admin\AppData\Local\Temp\HotelMIS_special.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsjFA87.tmp\ioSpecial.ini
    Filesize

    613B

    MD5

    5c7d53cfb61190cca395619a87c03996

    SHA1

    e3a7ab631fb5f9d4800050c49e311f645f91d4da

    SHA256

    292da406ab0e7d2131612ff4805333390878d79447ee52a0f304540c0c309a1c

    SHA512

    bf6bd0fc3dc31ea0feef372e383187a38b8bd31624ea13bc7bd15aa5280a784bbb09a05c21fa131fe46d1f7138a9e366317883e00e5d21e7f8526dd5187125ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsjFA87.tmp\ioSpecial.ini
    Filesize

    600B

    MD5

    afc58e735fc87814e6283349d7719422

    SHA1

    3bda13380c44a8f4672c8e3f729f3e26c9c115bd

    SHA256

    d5cd2f3f556b443c0c536e158d279f7969b9ba0fc9b4c4e4f173e5b19aeaf73b

    SHA512

    0ca6ec44997d5fff9bc0bad2b0790921bd67532c3cd9972f629c1489847109e28aa24123699ecb3452fef55be36c2c2dd986deff82177077d813a54abfa00bc1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsjFA87.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    b18dfaded8f6d2380fdfd8f6b6969211

    SHA1

    969fa0e906240ab1123254feeb833c275626cf76

    SHA256

    747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

    SHA512

    25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

    Download Submit