Overview

overview

10

Static

static

8

Builder.bat

windows10-1703-x64

1

Components...OBF.py

windows10-1703-x64

3

Components/loader.py

windows10-1703-x64

3

Components...ess.py

windows10-1703-x64

3

Components/process.py

windows10-1703-x64

3

env/Script...ng.dll

windows10-1703-x64

1

env/Script...AR.exe

windows10-1703-x64

3

env/Script...ll.exe

windows10-1703-x64

4

env/Script...on.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...En.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...AR.exe

windows10-1703-x64

5

env/Script...ng.dll

windows10-1703-x64

1

env/Script...AR.exe

windows10-1703-x64

3

env/Script...ll.exe

windows10-1703-x64

4

env/Script...on.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...En.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...AR.exe

windows10-1703-x64

5

env/Script...ip.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...En.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...ip.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...En.exe

windows10-1703-x64

3

env/Script...64.exe

windows10-1703-x64

1

env/Script...cn.exe

windows10-1703-x64

10

env/Script...ain.py

windows10-1703-x64

3

gui.py

windows10-1703-x64

3

Analysis

  • max time kernel
    126s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-08-2024 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    env/Scripts/dist/Uninstall.exe

  • Size

    429KB

  • MD5

    62c61b5bc915f81c8038aa83ed1a3b01

  • SHA1

    d6e611c6bbc3f878e551d12c876b597cb88c2dbc

  • SHA256

    a4ed7c4c337c1068cfc4298b8c5e166a66a6f6697352b1f3df0b9c9b1428f353

  • SHA512

    919b4294152403a3be25127fb078a26e540ba5335454e29f865340fb6121c18078e0d1acb5f5d2deb8b8375932eb7d27f472060595020a258ae9639479fbfe53

  • SSDEEP

    12288:xSXiav7Nwt8OVYPqo3YlgaAMTwBhvBJ/+7IISY1Ar8:AS4qiYlFAM0Bhvn/+h1A8

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\env\Scripts\dist\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\env\Scripts\dist\Uninstall.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3652
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Uninstall_Rar.Bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4280
      • C:\Users\Admin\AppData\Local\Temp\env\Scripts\dist\Uninstall.exe
        "C:\Users\Admin\AppData\Local\Temp\env\Scripts\dist\Uninstall.exe" /wait
        3⤵
        • Executes dropped EXE
        PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Uninstall_Rar.Bat
    Filesize

    1KB

    MD5

    f988ce2eea2393d5f29275a3d54b601d

    SHA1

    eeada4c0e4f2cca2e5de8ed13f6d30f2e83d7784

    SHA256

    783e976f67935db7b6a37fa3567e08b5d3e2fcfb7c9a24655c9be2bf0a98b93a

    SHA512

    7f1870f1a5b95cdbed2b11828218866ac2d4836edc309c3dba55d7f47bb5d3a1529fee995d4a87335b4bcfed5295ac7e3432ec395bf33852b28522cef42e6d39

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\env\Scripts\dist\Uninstall.exe
    Filesize

    429KB

    MD5

    62c61b5bc915f81c8038aa83ed1a3b01

    SHA1

    d6e611c6bbc3f878e551d12c876b597cb88c2dbc

    SHA256

    a4ed7c4c337c1068cfc4298b8c5e166a66a6f6697352b1f3df0b9c9b1428f353

    SHA512

    919b4294152403a3be25127fb078a26e540ba5335454e29f865340fb6121c18078e0d1acb5f5d2deb8b8375932eb7d27f472060595020a258ae9639479fbfe53

    Download Submit