Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-08-2024 21:11

General

  • Target

    $SYSDIR/$SYSDIR/$_14_.exe

  • Size

    70KB

  • MD5

    feaa04bba26d82e47b364bf3fa492ba1

  • SHA1

    295ef48964288a63236192c2ea439cfd61c4a7e8

  • SHA256

    095e81583257ab1bba0d2634f7feb31ed004edd9d74908e46d7b5bb1e3e0ceca

  • SHA512

    3c2d4efa692b8bb6fb3edf69ef7543a4f05af29ae91adfcc3858b18b980bc8129de41a56b00a8f16295aa4dc5255864cc81f4e06ce76ad86d8c3a8e001094fe3

  • SSDEEP

    1536:zu4EQalMK/ewGnh0mJ6Mbi6oDCypeKFl0OyY:zNyah0mJ6M2B7nsY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$SYSDIR\$_14_.exe
    "C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$SYSDIR\$_14_.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$SYSDIR\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2780

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy6B63.tmp\validate.ini

    Filesize

    457B

    MD5

    fbb828b95d53ad5fa935f323ff9b87e5

    SHA1

    80564141599a0d431b338fc653b52c299dc4bc23

    SHA256

    810ed1ea9c05f7ad11da2cbfb5695dd1e83374a8f9886dc5df19f92af96b2d33

    SHA512

    2b759d08a79072d92380fa2243cf0dd4b1e4042d3df5fea54e8b4ca828ce205954d5e1f771d7280de45cf741be67100d302b14cfaeb9134f34b7c12f03c5c018

  • \Users\Admin\AppData\Local\Temp\nsy6B63.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    271b5d1043c4402f08ddeae383f6979c

    SHA1

    2b88c58aa27bfb4979239579cd65d4c6c67a5295

    SHA256

    90485cb175686c3e97b32ebf99daa939c1a6f46e7031f71b72b81cd114fd5b51

    SHA512

    f8bd4b316726f05647162bb52a2aeb4a6cf5ee976fdb7817a3d25b868b83fb482c38d078f01d3a629afb0d6fa6ce409b2b3404398563137e22010074f529c11b

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

    Filesize

    70KB

    MD5

    feaa04bba26d82e47b364bf3fa492ba1

    SHA1

    295ef48964288a63236192c2ea439cfd61c4a7e8

    SHA256

    095e81583257ab1bba0d2634f7feb31ed004edd9d74908e46d7b5bb1e3e0ceca

    SHA512

    3c2d4efa692b8bb6fb3edf69ef7543a4f05af29ae91adfcc3858b18b980bc8129de41a56b00a8f16295aa4dc5255864cc81f4e06ce76ad86d8c3a8e001094fe3