Overview
overview
10Static
static
10Hit Sender...ib.dll
windows7-x64
1Hit Sender...ib.dll
windows10-2004-x64
1Hit Sender...ib.dll
windows7-x64
1Hit Sender...ib.dll
windows10-2004-x64
1Hit Sender...er.exe
windows7-x64
10Hit Sender...er.exe
windows10-2004-x64
10Hit Sender...rp.dll
windows7-x64
1Hit Sender...rp.dll
windows10-2004-x64
1Hit Sender...er.dll
windows7-x64
1Hit Sender...er.dll
windows10-2004-x64
1IP Scanner...er.exe
windows7-x64
7IP Scanner...er.exe
windows10-2004-x64
7KPort Scan...V3.exe
windows7-x64
10KPort Scan...V3.exe
windows10-2004-x64
10KPort Scan...e4.dll
windows7-x64
3KPort Scan...e4.dll
windows10-2004-x64
3KPort Scan...i4.dll
windows7-x64
3KPort Scan...i4.dll
windows10-2004-x64
3KPort Scan...k4.dll
windows7-x64
3KPort Scan...k4.dll
windows10-2004-x64
3MassScan/M...UI.exe
windows7-x64
3MassScan/M...UI.exe
windows10-2004-x64
3MassScan/Packet.dll
windows7-x64
3MassScan/Packet.dll
windows10-2004-x64
3MassScan/masscan.exe
windows7-x64
3MassScan/masscan.exe
windows10-2004-x64
3MassScan/msvcr100.dll
windows7-x64
3MassScan/msvcr100.dll
windows10-2004-x64
3MassScan/w....3.exe
windows7-x64
7MassScan/w....3.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3Analysis
-
max time kernel
93s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
30-07-2024 09:29
Behavioral task
behavioral1
Sample
Hit Sender/AxInterop.MSTSCLib.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Hit Sender/AxInterop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Hit Sender/Interop.MSTSCLib.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Hit Sender/Interop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Hit Sender/NLBrute Hit Sender-Checker.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Hit Sender/NLBrute Hit Sender-Checker.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
Hit Sender/RestSharp.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Hit Sender/RestSharp.dll
Resource
win10v2004-20240729-en
Behavioral task
behavioral9
Sample
Hit Sender/SkinSoft.VisualStyler.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
Hit Sender/SkinSoft.VisualStyler.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
KPort Scaner/KPortScan V3.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
KPort Scaner/KPortScan V3.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral15
Sample
KPort Scaner/QtCore4.dll
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
KPort Scaner/QtCore4.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral17
Sample
KPort Scaner/QtGui4.dll
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
KPort Scaner/QtGui4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
KPort Scaner/QtNetwork4.dll
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
KPort Scaner/QtNetwork4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
MassScan/Massscan_GUI.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
MassScan/Massscan_GUI.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
MassScan/Packet.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
MassScan/Packet.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
MassScan/masscan.exe
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
MassScan/masscan.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral27
Sample
MassScan/msvcr100.dll
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
MassScan/msvcr100.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
MassScan/winpcap-4.3.exe
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
MassScan/winpcap-4.3.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
General
-
Target
MassScan/winpcap-4.3.exe
-
Size
423KB
-
MD5
ae26452c8b3d97ef2037521ac0dd3a8b
-
SHA1
3ad99ec2bf6cc4f947bb09be627c91f82a898aa8
-
SHA256
f28156a96be558dfb83a3d935223a127816ad124b94f92c499400c38078ad842
-
SHA512
f5012a9600542b46eca137f41d58d6a6d3071aa36ca2b4c0f0119639cdf051c0a0e597c674583c4ec5753f8368ca121282acbf084930d2b1f30671f2032448d9
-
SSDEEP
6144:MsNaGdmkMIdQQkpxYLcP+k471Xr4bjMxiW+D/xqfF3o2KCzDunki8m/VlidXTj2G:AG4kDdc8L4bQA5qt3CxnkLwlQFPcOLJ
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
winpcap-4.3.exepid process 1908 winpcap-4.3.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
winpcap-4.3.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language winpcap-4.3.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD55c22bbf6730572e50eed4108af6081df
SHA18a13196f4d47ee7de2e35509058db954db10c72a
SHA2563198d832c222a9907d3d5822116c944fd1c6670a263b775212104a9ecf88beec
SHA512264b194a50cb523f5758569d918b5f60cb2959c4d091ae6712efc95644700a7bc2bb440a22acdf2285b754691a9cc04633fcc7c5b354dae75c7260d6b27ebb18