Overview

overview

7

Static

static

7

b4d00fbd76...18.exe

windows7-x64

7

b4d00fbd76...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

Irukandji.exe

windows7-x64

3

Irukandji.exe

windows10-2004-x64

3

Readme.rtf

windows7-x64

4

Readme.rtf

windows10-2004-x64

1

Unleashed.exe

windows7-x64

7

Unleashed.exe

windows10-2004-x64

7

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

�...��.lnk

windows7-x64

3

�...��.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    80s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    66KB

  • MD5

    09aa39ee43751131ebbe9c1aa965e087

  • SHA1

    29dba8453361be1dff0532c95181d0567234964f

  • SHA256

    c9cc36f6b25baecb1b674a1380ece6e6360d1e108091607a8ea733ca2b3e721e

  • SHA512

    acf362ccd1c0a3a803b146aeb15e0d65f2705fc1f3ff24209690d91a1310d297588bb2d83dc9a2a8b738656cb441edbe013227bdd1835130714366d8e1577f9a

  • SSDEEP

    1536:shq3+uta99Hj25XvwLXJLiJYRN6QcIw4LI:OstajHKBvYXJL8qxLI

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:660
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f68b9864a319ad347a5e58e1a281fbd

    SHA1

    2960d1d9e66160d7b599cf74bd0419ba434dd76c

    SHA256

    2b26bc0de2003db2e36a5d0f4df4e5f0139ad60c488e3ca30b33513d52766562

    SHA512

    70e122c40e1db7b003389a212e1d8a505feeedba19b162826877299ca9f78568c0ed42be40d2b4e6e9a916f211ac22a328f3daedddd9e5d2fa83ec8d6694cd16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c138dd994a2fe413dab255e82147e9e

    SHA1

    bc915862ba64b60e810a191347d1402934939e3c

    SHA256

    ed30a633aa41b5bba36c05cc34cc66528b373667b990730ab78a42e84d000d28

    SHA512

    d88bffd1994480d7e3ee5722d1683630811d9cad6aac7ab17912f5c1c853583b735a841198bb62d241aa1f07470a4d73c52f104c39ecd722a74b4324574cc2fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63182b1494c530bdf10f69323eb3c813

    SHA1

    8ec70b1e73ff0c509102213bce455ca84803c82a

    SHA256

    63ed9c8eb931fc214bb2dbe934c7783a34e06232390abb6d091bfbe753769fbf

    SHA512

    69192d4eccc1205874cddfba206787cc98588df5df05944ca04f4dd8249a25bb42526548b45c98cdf71020fa6e10852b140dc1b764e9fb0914149cf10535c5c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c232ed892008d9def2c97b97c4825f5

    SHA1

    37fe912441cb0fa6715711ed82fccba7bf6da9e1

    SHA256

    55c8ec2227653ddff6522798892f47dae7b93c5ff7cc42b74257b7700ed8e39a

    SHA512

    bda564171530190ce36f2d76fa6bf7090a9db3d4809289d0da8aa396f96b0e022a8356f48f639009eef88748ac8ac07bb709f78a364282191b2bf957a07b1a79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed87ae37ac1f8cda47d6a9e7301a27d5

    SHA1

    516d6a17bb484c01d84820097d19d7961a82529b

    SHA256

    fbe5ddb1b447cbd82059060422852b419ab721f736efe1cff3f0563873fdec21

    SHA512

    b54e490cb9ccb4fb2e22859bfdc358448a2919e6e1496195ace6d52c5f7d9a8aefe5f18c0899dc9e25c957e372a5328cfafda8d8755a0e8d6b02089329166303

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    422b536b8a100d9dca3c870f5f656075

    SHA1

    6659b1d43d9857fa9467658082a1458bc91c8542

    SHA256

    127da35b967e184bfe6e2904c7b03e8b32b25e8dbc4da97d19618e2bfcd051e0

    SHA512

    b8142f27685ccbe14db26a10eb198ef8f4527df8d550038392e49f3e831e2663cdd79f86bd7c24f1a22cf1888d6963b5610c3506638db451ef1cf472112d6873

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9a137893c12d5ae8cb3ad9534712dca

    SHA1

    cfa1e0312d27e6d872e045151f79b849e157afcc

    SHA256

    06323c846966589d7b2ad24e3bab6b0767ece2ad33874faec148d0b3436fcb65

    SHA512

    9a8d46acde77a4852d6f3839d6636f8bd9733d1a548d74c113667ed5b787102fa7d417a9f5df2653231798624e1aa5d8998c48021ffd5e71af0d2b06166875c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85849278eacf8fb3538fbb8c2edea492

    SHA1

    280bfdc12fff3cae5fb794dcbc7963a1fd8f6907

    SHA256

    2039db636bf3ffed4e3eb292e84353b4fd157303c7283edfb7a00bb7b49d3856

    SHA512

    86b6addbbbd8086f58fc8a0b7d2de1ca268e70b4c57815d7ce853708bd191abd6ac8b5f6623154d476a5042407ca621d4801267c37720a81c65418c1e7958977

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d23934e355d712ef62f85075b2be5b69

    SHA1

    86c6e2e2a1cd71d024e8603b69169690f0d5dbe9

    SHA256

    37b5bfbe6dc34a3602033ad65d58dc04bec70e26eda270664a3a9317b442af57

    SHA512

    6c2bb49f8aa4c514f979d20994377b54e88da304949bc59a019e0b3998919e643c778ca80481965a698d0f499c27c897dad29169f4c2a1b1a0fda0f47ad9e272

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d8648ab0a9d3e649fcd6334e5ec1a98

    SHA1

    671a9a49fe164011f561984afc83720c75119c23

    SHA256

    62db229fcb73ac900be93b2823c2cc9f968fb4c0734a3673682a1941242af61e

    SHA512

    8c26f06450f72d4214dc520275eaf7007ffb7efa81ad0a6bf3438045d9d216d7b1ad2e34c626a9e38fb23610f9ad279dfb48e8811216cfea460e50415566aeb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17fe5e635075154dde17537f4f3c6d41

    SHA1

    44d8d3657fe2f89661a222d30e63aa8193332718

    SHA256

    ff16799e7292174b3643aeb2732e290c8a6abb07c55e1c61dc2cb580dc0c506a

    SHA512

    f1f3523a4b2ac97155c011c9fce14b9384ea22f85e5a11a1c72c02c92f895531595abac45dcb2e9f552117af84764d8da59dbae561de22f81af828351c2ab404

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ab19ab41a4847bbd84cbd997f52d440

    SHA1

    b435e3b3348e9c7285d21ad8285c31386dff9130

    SHA256

    1b3d932bbdc1fa62ae0f7f4f6c6ec6b0a3af11947f4c91af3b7a9ca32f02d43c

    SHA512

    acf1aa7f54014184c880a8fe5f8a1d62c543ecb83a46d2781b1679e0c39837233c97ad7cad15becf3de1ca8db8573755da04445d1f60422281e7f1e05eca4aa3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfd1f204aa9a839a41d18f2af80d79fa

    SHA1

    8c7c876579060d92fac2d97cc7e748b9b3bbb1f9

    SHA256

    0c51d145d0f4c77e222c434f9d0bd86acac70c91c38755130d304d7146c08a84

    SHA512

    649ad3a2154830cf9b914b25056cb367247acb53c3f7effe82b39cd19386e2aec78afc635a071d828ca75240e8faaea9d5f3fba70fd16b7e414c8afd9131c210

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7a5cbd40b1c9025e6157dce6f2ce7e8

    SHA1

    c6cd43bfd47691822204716ada09730407605cd0

    SHA256

    82d4ace21de1f19a40599013af8c7222769800560ae18adfeb7064f5f715ca53

    SHA512

    0e5861280ef7a96f04a4356d25aed93bfcad1c0738aa11b496581838288b484cc3f7ce44025eb22941c4349c0272ac2abc71600c3ece7aac43519d771a96767f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74e7f20f1532fc747597ea36a9bf97ce

    SHA1

    4f9cc447f84cdafae9b2d01604acad636f41463b

    SHA256

    bb4a51e3e95d571ae9f7b16e5b73a755616dc2129332f0b5437127da96c6c680

    SHA512

    2c68748f4525c9c68233176cae135f1e472849e561b4afdf557568120e3a69dc187cddd95563a623b291899f18f5bfc730a2e694dacd7a1d83ec12f88b0ede15

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab547A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5547.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    66KB

    MD5

    09aa39ee43751131ebbe9c1aa965e087

    SHA1

    29dba8453361be1dff0532c95181d0567234964f

    SHA256

    c9cc36f6b25baecb1b674a1380ece6e6360d1e108091607a8ea733ca2b3e721e

    SHA512

    acf362ccd1c0a3a803b146aeb15e0d65f2705fc1f3ff24209690d91a1310d297588bb2d83dc9a2a8b738656cb441edbe013227bdd1835130714366d8e1577f9a

    Download Submit