Analysis

  • max time kernel
    31s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-08-2024 21:23

General

  • Target

    23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506.exe

  • Size

    2.4MB

  • MD5

    1a8c0d5ded7f399be1b43d1b6c3a6692

  • SHA1

    12c882aea0cbe460d04f838bdf9b44c57f0aa36e

  • SHA256

    23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506

  • SHA512

    20a3600b1ca50e1c8acd42375c3c6cd102b8fb305eb431c2b083da1068c9400cd310b36413c193f6dd5b3b19572a4cc242116a9748e9b396caa696c578d9754e

  • SSDEEP

    49152:zvSzkJnOyQpABa+VsNbwzPhTzoL6Y0fxfNrBUf0uzkf:zqzkbkbhwzmLb0fxfNr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Control Panel 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506.exe
    "C:\Users\Admin\AppData\Local\Temp\23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:1836

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log

    Filesize

    9KB

    MD5

    162f4652a9330f2c6321b504c1fa059e

    SHA1

    aad51bcf9a486b407d37afc5d31c16d64b100844

    SHA256

    a637981b7ad2e597c1e2eb36e992a0c83fd1df1b98825e91705b1ba3819be8c5

    SHA512

    86db280ee332a8bed9a68e99caeff6a7e5784927737f48fd2065f21b90e91f2015b46c6d5b9d7944e4d2fa65458c4e9ea14c9e921bdd8e1bf7c1bdae022ce68f

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log

    Filesize

    2KB

    MD5

    68853280c69d05daa4da78d2a1a509de

    SHA1

    d8550cc1568c9f6742177d30dc765883acad5c49

    SHA256

    7b49f0830751e099369e9ac04ff448c9562b395bb9e56ac0f5e57920bb83957e

    SHA512

    5ce7429aafbd4a80c566508714a5ce643d569a86ada6ee9a3db63634eb9925c86d66a3fbe94430f450a7e2788264b797de7c33b4287d25eab60c66d7ebc65fd7

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

    Filesize

    223B

    MD5

    5babf2a106c883a8e216f768db99ad51

    SHA1

    f39e84a226dbf563ba983c6f352e68d561523c8e

    SHA256

    9e676a617eb0d0535ac05a67c0ae0c0e12d4e998ab55ac786a031bfc25e28300

    SHA512

    d4596b0aafe03673083eef12f01413b139940269255d10256cf535853225348752499325a5def803fa1189e639f4a2966a0fbb18e32fe8d27e11c81c9e19a0bb

  • \Users\Public\Documents\Wondershare\NFWCHK.exe

    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a