Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12-08-2024 09:38

General

  • Target

    Scan_docs#84768898.exe

  • Size

    5.5MB

  • MD5

    ce65c8134821032063d54ca07e8a73ae

  • SHA1

    13e5fe6fedb20530b1a82733b35b3bc23e9c7b9a

  • SHA256

    02ec55a5a2ad775adccd333edd94ac0bd82129a233736f7240044e085b73b0b3

  • SHA512

    04e4e45ec86735dba5b9289b887784691e7c6a1d5a912a805c7a8400e10c687a825b97d8c911c715c78d21b8e4551ad3e74b71e1e6df58c2f693c24bd9aa4304

  • SSDEEP

    98304:C1kfl3MhgvWbkjpaKqPtUr0MHa35QvBq7E9ZYBtPsxcZE7sCC9:CufligvWIVJqr1p8Bq49ZetPApsCC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Scan_docs#84768898.exe
    "C:\Users\Admin\AppData\Local\Temp\Scan_docs#84768898.exe"
    1
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4864
    • C:\Program Files (x86)\Win64xx\32x.exe
      "C:\Program Files (x86)\Win64xx\32x.exe"
      2
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Win64xx\32x.exe

    Filesize

    6.7MB

    MD5

    6ab9f278a420ac86fc7ec85647ce99f1

    SHA1

    6ef604f5ed1ebe6dcafd038d43469bfffbc17b3c

    SHA256

    4c4872202abb5a60a8764bf44b370578a2b3d6f449b3881e96cc38f1b55f9cda

    SHA512

    13340197d19548bfa2de73b7465032b3afce1acfe58970c3cdae213bb431eed011c1887fe5a6ee59b8708a10fb59b5a497b3b38da80e5d924fb708027638c640

  • C:\Users\Admin\AppData\Local\Temp\nskDE0D.tmp\UAC.dll

    Filesize

    14KB

    MD5

    adb29e6b186daa765dc750128649b63d

    SHA1

    160cbdc4cb0ac2c142d361df138c537aa7e708c9

    SHA256

    2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    SHA512

    b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

  • memory/2968-11-0x00007FFB14E03000-0x00007FFB14E05000-memory.dmp

    Filesize

    8KB

  • memory/2968-12-0x0000023F0F2A0000-0x0000023F0FE96000-memory.dmp

    Filesize

    12.0MB

  • memory/2968-13-0x00007FFB14E00000-0x00007FFB158C2000-memory.dmp

    Filesize

    10.8MB

  • memory/2968-14-0x0000023F102A0000-0x0000023F102A1000-memory.dmp

    Filesize

    4KB

  • memory/2968-16-0x00007FFB14E00000-0x00007FFB158C2000-memory.dmp

    Filesize

    10.8MB