Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-08-2024 21:11

General

  • Target

    $SYSDIR/$SYSDIR/$_14_.exe

  • Size

    70KB

  • MD5

    feaa04bba26d82e47b364bf3fa492ba1

  • SHA1

    295ef48964288a63236192c2ea439cfd61c4a7e8

  • SHA256

    095e81583257ab1bba0d2634f7feb31ed004edd9d74908e46d7b5bb1e3e0ceca

  • SHA512

    3c2d4efa692b8bb6fb3edf69ef7543a4f05af29ae91adfcc3858b18b980bc8129de41a56b00a8f16295aa4dc5255864cc81f4e06ce76ad86d8c3a8e001094fe3

  • SSDEEP

    1536:zu4EQalMK/ewGnh0mJ6Mbi6oDCypeKFl0OyY:zNyah0mJ6M2B7nsY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • NSIS installer 2 IoCs

    The child process is the stock NSIS uninstaller self-copy: an NSIS uninstaller copies itself to %TEMP%\~nsu.tmp\Au_.exe and relaunches that copy with _?=<install dir> so the original binary can be deleted. Au_.exe carries the same MD5/SHA1/SHA256/SHA512 as the submitted sample, so the "Executes dropped EXE" hit is the sample relaunching itself, and the only DLL it drops and loads is the standard NSIS InstallOptions plugin.
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$SYSDIR\$_14_.exe
    "C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$SYSDIR\$_14_.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$SYSDIR\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:468

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsoB691.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    271b5d1043c4402f08ddeae383f6979c

    SHA1

    2b88c58aa27bfb4979239579cd65d4c6c67a5295

    SHA256

    90485cb175686c3e97b32ebf99daa939c1a6f46e7031f71b72b81cd114fd5b51

    SHA512

    f8bd4b316726f05647162bb52a2aeb4a6cf5ee976fdb7817a3d25b868b83fb482c38d078f01d3a629afb0d6fa6ce409b2b3404398563137e22010074f529c11b

  • C:\Users\Admin\AppData\Local\Temp\nsoB691.tmp\validate.ini

    Filesize

    457B

    MD5

    73bcd6e81aa177545fe23b9f459c9f1c

    SHA1

    5c7c3676dd9706345761af77e9fc9a08a86e97cd

    SHA256

    60b2522dca07d4276c9a684c494cde018950ad2cc84e42e953e1e2dabac757ac

    SHA512

    be4640b602e087ca84b9d03aafbc64759ef473d082da17d59e58e5305816f0557e44992c8a0c452a5a0e26b90e031f0ef701c12939910acf5ee112b825b6a269

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

    Filesize

    70KB

    MD5

    feaa04bba26d82e47b364bf3fa492ba1

    SHA1

    295ef48964288a63236192c2ea439cfd61c4a7e8

    SHA256

    095e81583257ab1bba0d2634f7feb31ed004edd9d74908e46d7b5bb1e3e0ceca

    SHA512

    3c2d4efa692b8bb6fb3edf69ef7543a4f05af29ae91adfcc3858b18b980bc8129de41a56b00a8f16295aa4dc5255864cc81f4e06ce76ad86d8c3a8e001094fe3
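Triage helper for the process tree and the dropped-file list above. This is an added example and not part of the sandbox report or its tooling: the paths, PIDs and hashes are copied from the report, while the dict layout, the parent field, the regexes and the function names are my own assumptions. It flags the NSIS uninstaller self-copy pattern (an image named ~nsu.tmp\Au_.exe launched with an `_?=` argument), checks that the `_?=` directory is really the directory the parent ran from, and separates dropped files that are byte-identical to the submitted sample from files worth a closer look.

```python
"""Triage helper for a sandbox report like the one above.

Added example, not part of the report or the sandbox's own code. Report values
are copied verbatim; the data layout and function names are assumptions.
"""
import ntpath
import re

SUBMITTED_SHA256 = "095e81583257ab1bba0d2634f7feb31ed004edd9d74908e46d7b5bb1e3e0ceca"

TMP = r"C:\Users\Admin\AppData\Local\Temp"
INSTALL_DIR = TMP + "\\$SYSDIR\\$SYSDIR\\"   # trailing backslash as in the report

# Process-creation events (PID, parent, image, command line) as listed under "Processes".
PROCESSES = [
    {"pid": 2140, "parent": None,
     "image": INSTALL_DIR + "$_14_.exe",
     "cmdline": '"' + INSTALL_DIR + '$_14_.exe"'},
    {"pid": 468, "parent": 2140,
     "image": TMP + r"\~nsu.tmp\Au_.exe",
     "cmdline": '"' + TMP + r'\~nsu.tmp\Au_.exe" _?=' + INSTALL_DIR},
]

# Dropped files as listed under "Downloads".
DROPPED = [
    {"path": TMP + r"\nsoB691.tmp\InstallOptions.dll", "size": "14KB",
     "sha256": "90485cb175686c3e97b32ebf99daa939c1a6f46e7031f71b72b81cd114fd5b51"},
    {"path": TMP + r"\nsoB691.tmp\validate.ini", "size": "457B",
     "sha256": "60b2522dca07d4276c9a684c494cde018950ad2cc84e42e953e1e2dabac757ac"},
    {"path": TMP + r"\~nsu.tmp\Au_.exe", "size": "70KB",
     "sha256": SUBMITTED_SHA256},
]

# Stock NSIS uninstaller self-copy: image ends in \~nsu.tmp\Au_.exe and the
# command line carries an `_?=<install dir>` argument.
NSIS_SELFCOPY_IMAGE = re.compile(r"\\~nsu\.tmp\\Au_\.exe$", re.IGNORECASE)
INSTDIR_ARG = re.compile(r"\s_\?=(.+)$")


def classify_process(proc):
    """Return ('nsis-uninstaller-selfcopy', instdir) or ('other', None)."""
    if NSIS_SELFCOPY_IMAGE.search(proc["image"]):
        m = INSTDIR_ARG.search(proc["cmdline"])
        if m:
            return "nsis-uninstaller-selfcopy", m.group(1).strip()
    return "other", None


def instdir_matches_parent(child, parent):
    """True when the child's `_?=` directory is the directory its parent ran from.

    A genuine uninstaller relaunch passes the directory of the binary that
    spawned it; a mismatch means the naming is being reused for something else.
    """
    kind, instdir = classify_process(child)
    if kind == "other":
        return False
    want = ntpath.normcase(ntpath.dirname(parent["image"]))
    got = ntpath.normcase(instdir.rstrip("\\"))
    return want == got


def triage_dropped(dropped, submitted_sha256):
    """Split dropped files into byte-identical copies of the sample and new artefacts."""
    sha = submitted_sha256.lower()
    copies = [d["path"] for d in dropped if d["sha256"].lower() == sha]
    new = [d["path"] for d in dropped if d["sha256"].lower() != sha]
    return copies, new


def summarize(processes, dropped, submitted_sha256):
    """One dict a triager can read: flagged processes, self-copies, new files."""
    by_pid = {p["pid"]: p for p in processes}
    flagged = []
    for proc in processes:
        kind, instdir = classify_process(proc)
        if kind == "other":
            continue
        parent = by_pid.get(proc["parent"])
        flagged.append({
            "pid": proc["pid"], "kind": kind, "instdir": instdir,
            "instdir_matches_parent": bool(parent) and instdir_matches_parent(proc, parent),
        })
    copies, new = triage_dropped(dropped, submitted_sha256)
    return {"flagged": flagged, "self_copies": copies, "new_artefacts": new}


if __name__ == "__main__":
    for key, value in summarize(PROCESSES, DROPPED, SUBMITTED_SHA256).items():
        print(key, value)
```

Run against the report's data it flags PID 468 as the uninstaller self-copy with an `_?=` directory that matches where PID 2140 ran, reports Au_.exe as a copy of the sample, and leaves InstallOptions.dll and validate.ini as the only artefacts that are not the sample itself. Feeding it the same shape of data from another report (or from EDR process-creation events) is the intended use; the parent-directory check is what distinguishes a real NSIS relaunch from something merely imitating its file names.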