4dfeff5c2ab6b7e4c0a2e059a96f6ed57d4e7d68d0b3e0b14cae92b27de8ad6c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dentrix Smart Image Surround Medical Connector Uninstaller.exe
Size

318KB
MD5

138d61c4330d3d5d03641b91ea02819e
SHA1

52617cfc7b85bee812db663c8abb2b914db57477
SHA256

1c524f4a823ba4f22fb3da71eeb5738a209097ff5c42206a55cccb39a9190556
SHA512

451662ed5375030c01e6ddf682a31afa86a61b51d6d5a57433b0d15c514b84b2d129f67a2b163cef9bcfcbe7639f17ab633e8ed5f16c6243f806b3b81ffc7f71
SSDEEP

1536:qqGR1+9+poFeaMZMG18ugt9UzQjOoOGkTOWeD58AmwirJaIKQ4chU:JGPwCok2G18ugkRuWeN8Amwir2HchU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2696	Un.exe

Loads dropped DLL 2 IoCs

pid	Process
2532	Dentrix Smart Image Surround Medical Connector Uninstaller.exe
2696	Un.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Dentrix Smart Image Surround Medical Connector Uninstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Un.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2696	Un.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2696	2532	Dentrix Smart Image Surround Medical Connector Uninstaller.exe	30
PID 2532 wrote to memory of 2696	2532	Dentrix Smart Image Surround Medical Connector Uninstaller.exe	30
PID 2532 wrote to memory of 2696	2532	Dentrix Smart Image Surround Medical Connector Uninstaller.exe	30
PID 2532 wrote to memory of 2696	2532	Dentrix Smart Image Surround Medical Connector Uninstaller.exe	30

C:\Users\Admin\AppData\Local\Temp\Dentrix Smart Image Surround Medical Connector Uninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\Dentrix Smart Image Surround Medical Connector Uninstaller.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe

Filesize
318KB

MD5
138d61c4330d3d5d03641b91ea02819e

SHA1
52617cfc7b85bee812db663c8abb2b914db57477

SHA256
1c524f4a823ba4f22fb3da71eeb5738a209097ff5c42206a55cccb39a9190556

SHA512
451662ed5375030c01e6ddf682a31afa86a61b51d6d5a57433b0d15c514b84b2d129f67a2b163cef9bcfcbe7639f17ab633e8ed5f16c6243f806b3b81ffc7f71

Download Submit
\Users\Admin\AppData\Local\Temp\nsj99A2.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit