Overview

overview

7

Static

static

3

717b94fd2b...18.exe

windows7-x64

7

717b94fd2b...18.exe

windows10-2004-x64

7

$PLUGINSDI...ge.dll

windows7-x64

3

$PLUGINSDI...ge.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...sc.dll

windows7-x64

3

$PLUGINSDI...sc.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...dt.dll

windows7-x64

3

$PLUGINSDI...dt.dll

windows10-2004-x64

3

7za.exe

windows7-x64

3

7za.exe

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...dt.dll

windows7-x64

3

$PLUGINSDI...dt.dll

windows10-2004-x64

3

WackyBirdHunter.exe

windows7-x64

3

WackyBirdHunter.exe

windows10-2004-x64

3

aminstall.dll

windows7-x64

3

aminstall.dll

windows10-2004-x64

3

Readme.rtf

windows7-x64

4

Readme.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    87KB

  • MD5

    ef7a82bef192f8f54f697b75445b87d2

  • SHA1

    6558607a2e92c6853467349bd267354aa304ff89

  • SHA256

    9f500ef7aca53d6382bfb2ca454c94455aadac07d8e17fb7ba8737cc95c3b6ce

  • SHA512

    62a86ae342d91d7d97d62b7f094d368ee40a5e1b290d559836bcdff7677aa6957cc58091c8e7b6522aa8881dec389c9eb28ea6ef54a2d42dd7f1ac97d79db5e2

  • SSDEEP

    1536:wspe3RDckBV0DdkJOHR83d0cpdXwyNLIAW35pSkeVS9XaxIdPa6:wa1DdkJoR85pdXnLIA8p3eVS9XT

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 1 IoCs
    installer
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst7ACC.tmp\ioSpecial.ini
    Filesize

    610B

    MD5

    9d981a3e1a5cb9696dcdbd1b1d220b20

    SHA1

    b36b923a9e378e9df186449d63d8856595ff735c

    SHA256

    edf8e2bfa631232c99e823c414c87b6d3c62f50dcd919a937251896a736b4dde

    SHA512

    08fed7bc6b7ad92b626640226287c8a2ddac3e97f9eeaaff841810db85df3c4fe9e31393a24e924e015fe61071c5be4da6cfb22d3810800e8366934d3294abc9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst7ACC.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    3c19f79ce11facc2fc4d3351dbb263e0

    SHA1

    17f4bf4b18ea7700f70ac7d825dc997be0d25f71

    SHA256

    cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9

    SHA512

    05c9ac861e4fed610171fcb5fad40abc30cbf90e9c7cb13c758f52cdff568af0fdd6af968db4fb143a748c77f21c353c7cffea28cbcbd2ad17157038ab490273

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst7ACC.tmp\System.dll
    Filesize

    10KB

    MD5

    725145e8caa39635cab9899c47c72eda

    SHA1

    30478c907551bd920bf359638b091fc5c10b5a53

    SHA256

    1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb

    SHA512

    de31286ea10321f762a3b6e7c6c82177d5b6f45a82adc936fcbbc23105708cbbbec903ba94ba94e7723e80f1828393e5395ef575b37136b19de7535e74e24547

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    87KB

    MD5

    ef7a82bef192f8f54f697b75445b87d2

    SHA1

    6558607a2e92c6853467349bd267354aa304ff89

    SHA256

    9f500ef7aca53d6382bfb2ca454c94455aadac07d8e17fb7ba8737cc95c3b6ce

    SHA512

    62a86ae342d91d7d97d62b7f094d368ee40a5e1b290d559836bcdff7677aa6957cc58091c8e7b6522aa8881dec389c9eb28ea6ef54a2d42dd7f1ac97d79db5e2

    Download Submit