Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-07-2024 07:12

General

  • Target

    $PLUGINSDIR/exadx4_desknote.exe

  • Size

    41KB

  • MD5

    ff614a2aece869e49b4ee75eb7b14000

  • SHA1

    3a7f77d114db71cb16b63c336b368cf747c42def

  • SHA256

    a99c79a17d104a5f00ab232474e093e5d8a64f1674de386764c8af33f83901f5

  • SHA512

    370fcabdb0a185c8447591c47d262b40dc457704c0b21fe1ec77327b96f7d70810aef7a6b678a1924abdc1f1097d6d5c86788bdf479162c8baf647405e2937fb

  • SSDEEP

    768:EHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJyojNctAllGws0q5:EpgpHzb9dZVX9fHMvG0D3XJygNcOmyq5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\exadx4_desknote.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\exadx4_desknote.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c \DelUS.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:696
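The process tree above is the classic NSIS installer shape: an executable running out of $PLUGINSDIR loads plugin DLLs from a temporary nsXXXX.tmp directory, then hands off to cmd.exe /c <file>.bat so the batch file can remove the installer after it exits. The following is an added example, not output of the sandbox or code from the report: it correlates Sysmon-style ProcessCreate and ImageLoad records per process and flags that combination. The event schema and the SAMPLE_EVENTS list are constructed here from the paths in the report; the `ns<letter><4 hex>.tmp` naming pattern for NSIS plugin directories is an assumption about NSIS behaviour that the report does not itself state.

```python
"""Correlate process-create and image-load telemetry for the NSIS self-delete pattern.

Added example; not the sandbox's code. Field names (event, pid, ppid, image,
cmdline, parent_image) are a constructed Sysmon-like schema.
"""
import re
from collections import defaultdict

# Assumption: NSIS extracts plugin DLLs to %TEMP%\ns<letter><4 hex digits>.tmp\.
NSIS_PLUGIN_DLL = re.compile(r"\\ns[a-z][0-9a-f]{4}\.tmp\\[^\\]+\.dll$", re.IGNORECASE)
# Executables launched from the NSIS plugin staging directory.
PLUGINSDIR = re.compile(r"\\\$PLUGINSDIR\\", re.IGNORECASE)
# cmd.exe /c <something>.bat, as in the report's child process.
CMD_BATCH = re.compile(r'(^|\\)cmd\.exe"?\s+/c\s+(?P<bat>\S+\.bat)', re.IGNORECASE)

# Constructed sample events modelled on the process tree and dropped files above,
# plus two benign controls (notepad, and a batch run from explorer, not an installer).
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "pid": 960, "ppid": 4321,
     "image": r"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\exadx4_desknote.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\exadx4_desknote.exe"',
     "parent_image": r"C:\Users\Admin\Desktop\installer.exe"},
    {"event": "ImageLoad", "pid": 960,
     "image": r"C:\Users\Admin\AppData\Local\Temp\nsl958A.tmp\SelfDelete.dll"},
    {"event": "ImageLoad", "pid": 960,
     "image": r"C:\Users\Admin\AppData\Local\Temp\nsl958A.tmp\FILEDownPlug.dll"},
    {"event": "ProcessCreate", "pid": 696, "ppid": 960,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c \DelUS.bat",
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\exadx4_desknote.exe"},
    {"event": "ProcessCreate", "pid": 1200, "ppid": 1,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "ProcessCreate", "pid": 1300, "ppid": 1,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\scripts\backup.bat",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def detect(events):
    """Return (pid, finding, details) tuples for processes started from $PLUGINSDIR.

    A lone plugin-DLL load is normal for any NSIS installer and is emitted only
    as context; the self-delete finding needs both the DLL load and the cmd /c
    child under the same parent process.
    """
    dll_loads = defaultdict(list)       # pid -> DLL names loaded from an ns*.tmp dir
    batch_children = defaultdict(list)  # parent pid -> batch files run via cmd /c
    plugin_procs = {}                   # pid -> image of processes run from $PLUGINSDIR

    for ev in events:
        if ev["event"] == "ProcessCreate":
            if PLUGINSDIR.search(ev["image"]):
                plugin_procs[ev["pid"]] = ev["image"]
            m = CMD_BATCH.search(ev["cmdline"])
            if m and ev["image"].lower().endswith("\\cmd.exe"):
                batch_children[ev["ppid"]].append(m.group("bat"))
        elif ev["event"] == "ImageLoad":
            if NSIS_PLUGIN_DLL.search(ev["image"]):
                dll_loads[ev["pid"]].append(ev["image"].rsplit("\\", 1)[-1])

    findings = []
    for pid in plugin_procs:
        dlls = sorted(dll_loads.get(pid, []))
        bats = batch_children.get(pid, [])
        if dlls:
            findings.append((pid, "nsis_plugin_dll_load", dlls))
        if bats:
            findings.append((pid, "cmd_batch_from_plugin_exe", bats))
        # SelfDelete.dll plus a batch child under the same parent is the report's pattern.
        if bats and any(d.lower() == "selfdelete.dll" for d in dlls):
            findings.append((pid, "nsis_selfdelete_batch", bats))
    return findings


if __name__ == "__main__":
    for pid, finding, details in detect(SAMPLE_EVENTS):
        print(pid, finding, details)
```

Only the installer process (PID 960) produces findings; the explorer-launched batch and notepad controls are ignored because their parent is not a $PLUGINSDIR executable. The "Suspicious use of WriteProcessMemory" signature in the report cannot be recovered from process-create and image-load telemetry alone and needs API-level monitoring; the "Loads dropped DLL" behaviour is shared with legitimate NSIS installers, which is why this pattern is worth a medium score rather than a verdict on its own.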

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\DelUS.bat

    Filesize

    190B

    MD5

    9039b1e775b7dc3eacae958da88d54f2

    SHA1

    d2c9a9924485dc8d6537ea0df35b9f885f2e3075

    SHA256

    5480b777f723af9aa6ae24463286bcc5e356555e8f93a03dd25756a04c3be0ff

    SHA512

    93ae323ccacdba94c9815d079cd2cce265a6cf07fa2904b644e02f930178126af215ca72323b25a4060d7d3e5487217d1662bac90ca052813de18c9661aafe0d

  • C:\Users\Admin\AppData\Local\Temp\nsl958A.tmp\DLLWebCount.dll

    Filesize

    28KB

    MD5

    0bdd7c6f1046ea4b42839f991ae53fb2

    SHA1

    cb9baefb10159b4a684fa1ee4372e7715865052d

    SHA256

    0a0019b2603dbc4505453c2501255ab0cc0b3c317ece4a6ce0cfb6a02a30907b

    SHA512

    96f41497f25d7bc81f51ab167f74243b4b767089c89c26f9752ef518fa60dedd2722c66ae87dad2334bcce1622bc12f7b9b892ae654ca58cecd9f35c9f1dc163

  • C:\Users\Admin\AppData\Local\Temp\nsl958A.tmp\FILEDownPlug.dll

    Filesize

    20KB

    MD5

    2dc96e6ef39e0472a2e21f3e71157cea

    SHA1

    660377e9d5c7189a9b8320925bc0c4620f7d7cc7

    SHA256

    92e1e72c1fd1f941172dc37ac8a29732e326d5482602c981d1b69bc31b0907ba

    SHA512

    b321d349c65e4eef7475ed4275f7e5fcaf1748e9da184da6eef3bc4c4d48a4e307f5e88c80739c669d2cec2c3cd3f933db78aa471f8190de9d0728b1d9dc2273

  • C:\Users\Admin\AppData\Local\Temp\nsl958A.tmp\SelfDelete.dll

    Filesize

    24KB

    MD5

    7bf1bd7661385621c7908e36958f582e

    SHA1

    43242d7731c097e95fb96753c8262609ff929410

    SHA256

    c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e

    SHA512

    8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f