Overview

overview

7

Static

static

3

8dabaad433...18.exe

windows7-x64

7

8dabaad433...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

Alligator.exe

windows7-x64

3

Alligator.exe

windows10-2004-x64

3

BlackShark.exe

windows7-x64

1

BlackShark.exe

windows10-2004-x64

3

Get your r...de.url

windows7-x64

1

Get your r...de.url

windows10-2004-x64

1

MIG_29.dll

windows7-x64

3

MIG_29.dll

windows10-2004-x64

3

MSORecovery.exe

windows7-x64

7

MSORecovery.exe

windows10-2004-x64

7

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

bs_load.dll

windows7-x64

3

bs_load.dll

windows10-2004-x64

3

bs_wm.dll

windows7-x64

3

bs_wm.dll

windows10-2004-x64

3

gdiplus.dll

windows7-x64

3

gdiplus.dll

windows10-2004-x64

3

t34.dll

windows7-x64

3

t34.dll

windows10-2004-x64

3

wab_recovery.exe

windows7-x64

6

wab_recovery.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/08/2024, 06:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    59KB

  • MD5

    973038639d770a979c786f86c71c2aa2

  • SHA1

    45cd5858255d414606760666b9344d95c0c2ead2

  • SHA256

    64326f62c4328392e52de8a675b2cbc0c7b10a7ba9cea03d829ed56f4b714e42

  • SHA512

    2b3bf405249abd930be9bbaf4ee56bd24510fe98927e24a4b17192859984fd12e89941f60e7b108e2806282771cc4d2c6ab3bdec97409c78b62fbf6631c23928

  • SSDEEP

    1536:2pgpHzb9dZVX9fHMvG0D3XJrgdLeAyN/QhV/l:cgXdZt9P6D3XJrceAXv/l

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:5112
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
    1⤵
      PID:4052

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsv4514.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      325b008aec81e5aaa57096f05d4212b5

      SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

      SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

      SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsv4514.tmp\ioSpecial.ini
      Filesize

      641B

      MD5

      eed716855f7d9e9b42fdbb30753010c1

      SHA1

      550470121039a8fbd303a6ff75d6997931d9a6e4

      SHA256

      1ab679c3c0728e19f34a43c154efd10a23b74e311d5c4cf5c66038c2b6699c26

      SHA512

      7f84530ed18e9055a196886b0e4548752816eb3b7309ef3a4de8fe996c6d5f21f841311ac38e618b154238e89723bbbad762a7425a62ce0afa3f825a3583c9f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsv4514.tmp\ioSpecial.ini
      Filesize

      641B

      MD5

      30098937ca32e7da41dfffcee5e75a5d

      SHA1

      02a47991779da589d01c8e5e4b71e18dbf887f7f

      SHA256

      82a490092fe054384563119ca0c7407b99df202d9a6da310534c33d24040c781

      SHA512

      a591b020fdc4e0e825270ceb5b8287eb099f29845fa91cdb1bf5331306d7a09a3ba9033912b39cdde517e5bf564c853468982f82931b92eea59127c70c59ed9f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      Filesize

      59KB

      MD5

      973038639d770a979c786f86c71c2aa2

      SHA1

      45cd5858255d414606760666b9344d95c0c2ead2

      SHA256

      64326f62c4328392e52de8a675b2cbc0c7b10a7ba9cea03d829ed56f4b714e42

      SHA512

      2b3bf405249abd930be9bbaf4ee56bd24510fe98927e24a4b17192859984fd12e89941f60e7b108e2806282771cc4d2c6ab3bdec97409c78b62fbf6631c23928

      Download Submit