Overview

overview

7

Static

static

7

VirtualTreesD7.dll

windows7-x64

3

VirtualTreesD7.dll

windows10-2004-x64

3

autoupdater.exe

windows7-x64

7

autoupdater.exe

windows10-2004-x64

7

fos.exe

windows7-x64

7

fos.exe

windows10-2004-x64

7

license.rtf

windows7-x64

4

license.rtf

windows10-2004-x64

1

rtl70.dll

windows7-x64

3

rtl70.dll

windows10-2004-x64

3

uninstaller.chm

windows7-x64

6

uninstaller.chm

windows10-2004-x64

6

uruninstaller.exe

windows7-x64

7

uruninstaller.exe

windows10-2004-x64

7

vcl70.dll

windows7-x64

3

vcl70.dll

windows10-2004-x64

3

vclx70.dll

windows7-x64

3

vclx70.dll

windows10-2004-x64

3

yufilter.dll

windows7-x64

3

yufilter.dll

windows10-2004-x64

3

安装说明.url

windows7-x64

1

安装说明.url

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 00:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uruninstaller.exe

  • Size

    2.7MB

  • MD5

    5561091b596cb5b009147a7f0cadd8ee

  • SHA1

    76e32505bb61805741a8e68e70a180e5916c93a1

  • SHA256

    e07f1ba143b59f9dfc78681bf6a85a68536916891ec0856e926c67388292208e

  • SHA512

    9d957be4d4bdb13f29c815bd08092340f4ae524f479a198200b1d89a5aceda2b9fb13ad24e8177c29e97e3efae8b6a2e1d7d0f67c8e06a8fc150b4ec18c1ddd4

  • SSDEEP

    49152:58YYrpfY4EMZAeT0eVCgNwWd5+R/9+9kYNRAW+CymsPgEU5:FupfhqeTdYg+l9+9kkRAW1YjO

Score
7/10
discovery

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uruninstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\uruninstaller.exe"
    1⤵
    • Checks BIOS information in registry
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\URSoft\Your Uninstaller 2006\uruninstaller.ini
    Filesize

    1KB

    MD5

    9b42698491bbb1f0eebc53e9bf24df6d

    SHA1

    a287a82c5585c65e143d2e8bec4f9721ba72f63f

    SHA256

    131d84499ab7be96dbfa35745ec81f7a8d27370de14a29a0c194be6dce0eaa9d

    SHA512

    143f21a42e14d2a044035d552d66cf95e28da4f42d09183166ded970692a3508da72bbd8fc884012ebc6ff069d9faf7669176d0418eddedfcce497668b18ecc1

    Download Submit

  • memory/768-46-0x00000000008E0000-0x0000000000936000-memory.dmp

    Filesize

    344KB

    Download

  • memory/768-73-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-8-0x0000000000400000-0x00000000008C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/768-12-0x0000000000400000-0x00000000008C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/768-10-0x0000000000400000-0x00000000008C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/768-13-0x0000000002A10000-0x0000000002B68000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/768-16-0x00000000008E0000-0x0000000000936000-memory.dmp

    Filesize

    344KB

    Download

  • memory/768-15-0x0000000000400000-0x00000000008C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/768-14-0x0000000000400000-0x00000000008C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/768-2-0x00000000008E0000-0x0000000000936000-memory.dmp

    Filesize

    344KB

    Download

  • memory/768-39-0x00000000008E0000-0x0000000000936000-memory.dmp

    Filesize

    344KB

    Download

  • memory/768-0-0x0000000000400000-0x00000000008C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/768-7-0x00000000008E0000-0x0000000000936000-memory.dmp

    Filesize

    344KB

    Download

  • memory/768-45-0x0000000002B70000-0x0000000002B78000-memory.dmp

    Filesize

    32KB

    Download

  • memory/768-53-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-42-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-41-0x0000000000400000-0x00000000008C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/768-48-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-43-0x0000000002A10000-0x0000000002B68000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/768-58-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-63-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-68-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-44-0x0000000040220000-0x000000004025B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/768-78-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-83-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download

  • memory/768-88-0x0000000040000000-0x00000000400C7000-memory.dmp

    Filesize

    796KB

    Download