Overview

overview

7

Static

static

3

52c4541734...0N.exe

windows7-x64

7

52c4541734...0N.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

get.cmd

windows7-x64

1

get.cmd

windows10-2004-x64

3

ls.cmd

windows7-x64

1

ls.cmd

windows10-2004-x64

1

split.cmd

windows7-x64

1

split.cmd

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

zAnsi.exe

windows7-x64

1

zAnsi.exe

windows10-2004-x64

3

zBck.exe

windows7-x64

3

zBck.exe

windows10-2004-x64

3

zBeg.exe

windows7-x64

1

zBeg.exe

windows10-2004-x64

3

zBoxbackup.exe

windows7-x64

3

zBoxbackup.exe

windows10-2004-x64

3

zByteSwap.exe

windows7-x64

1

zByteSwap.exe

windows10-2004-x64

3

zClock.exe

windows7-x64

3

zClock.exe

windows10-2004-x64

3

zComp.exe

windows7-x64

1

zComp.exe

windows10-2004-x64

3

zDelTree.exe

windows7-x64

1

zDelTree.exe

windows10-2004-x64

3

zDir.exe

windows7-x64

1

zDir.exe

windows10-2004-x64

3

zDirSync.exe

windows7-x64

3

zDirSync.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/08/2024, 05:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    52c45417346ec66003be870876e5aed0N.exe

  • Size

    4.7MB

  • MD5

    52c45417346ec66003be870876e5aed0

  • SHA1

    f72d0a83302b2da65c00312586362b5395e01b44

  • SHA256

    1d08b33d67ae41585ddbf7c172844e7e6ea5c8191a7738e0e8c6a831f6cb5b52

  • SHA512

    66ec9f7a7a0573fbf100078322fd135b39b85e76bdb1b089a6676b84e0a2965d50cd646d871689b6bb49d5378ef57c45a56802a5a068eca9a73ae422d613a2cb

  • SSDEEP

    98304:EGTeSgqHKekEq+J+4iE+3pp7rmPL0GPkLGknVTHkhicE8MtAkcXqhWmL78oGdYRy:ESeQK5d+XxcSkn9HkhicErtAkB5QdYRy

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\52c45417346ec66003be870876e5aed0N.exe
    "C:\Users\Admin\AppData\Local\Temp\52c45417346ec66003be870876e5aed0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:5872
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4300,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
    1⤵
      PID:5568

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\nst8132.tmp\InstallOptions.dll
            Filesize

            12KB

            MD5

            444e1109d960c307df0ca2b33a24731b

            SHA1

            55e3b57d06128911ed4af44858d199d9b1945edc

            SHA256

            b3ba181120cd5b57e2cd5435bbd64c3257f7525ade359f89554e93f466692125

            SHA512

            9efdb45ee0eae73c24d3f01ff799160090f2b1f0f28ee8da3af52992fec220bf905070ce5a6cc1b5657642440ad29c22bc6889cd3ee1f674a908a935dcf4c2a8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nst8132.tmp\ioSpecial.ini
            Filesize

            718B

            MD5

            17dbc3a10d03e6a7e7d55023a94b087b

            SHA1

            8279a54f106ce0a8da9ebd0c3ad2fcb752fc5932

            SHA256

            6762aa82c71e3d422497e3362e0a3db10e13a12890376c0baac4eafdfb3ead67

            SHA512

            18e72f0662ffa8c0061e46e6766384f4fd672326366da171df0c32d82aafcfa7bf1d3b9c4f06c6afa3a512821b02b90512fee80fecf7d27e9bf6e020adea7c4c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nst8132.tmp\ioSpecial.ini
            Filesize

            692B

            MD5

            756112e50134fb18736b99a372c9f77e

            SHA1

            dc872d03aad7ad0fe646f43d468d89c2e5376ab5

            SHA256

            5d8a56390dbc844bc380645b3f5e806dc50335492a969ad8893d4edb2ee3b376

            SHA512

            371a430b498ece815d3141d5eb1939a1585ceec4af774f2c9b8ee2bdbdd30ca6876554ac4c43e3b695dd0b4b13d94c15fd2ed8b9bf0f597ed279c1bd71feb0e5

            Download Submit