Overview

overview

7

Static

static

7

88d9e6540a...0N.exe

windows7-x64

7

88d9e6540a...0N.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$R1/npstar...ep.dll

windows7-x64

3

$R1/npstar...ep.dll

windows10-2004-x64

3

$R1/npuuseep.dll

windows7-x64

3

$R1/npuuseep.dll

windows10-2004-x64

3

$SYSDIR/GdiPlus.dll

windows7-x64

3

$SYSDIR/GdiPlus.dll

windows10-2004-x64

3

$SYSDIR/apphelp.dll

windows7-x64

3

$SYSDIR/apphelp.dll

windows10-2004-x64

3

$TEMP/nsisweb.exe

windows7-x64

3

$TEMP/nsisweb.exe

windows10-2004-x64

3

$_2_/CCTVPlayer.dll

windows7-x64

7

$_2_/CCTVPlayer.dll

windows10-2004-x64

7

$_2_/CCTVU...ll.dll

windows7-x64

7

$_2_/CCTVU...ll.dll

windows10-2004-x64

7

$_2_/CoCode.dll

windows7-x64

3

$_2_/CoCode.dll

windows10-2004-x64

3

$_2_/Localserver.dll

windows7-x64

3

$_2_/Localserver.dll

windows10-2004-x64

3

$_2_/Reli_CCTV.dll

windows7-x64

3

$_2_/Reli_CCTV.dll

windows10-2004-x64

3

$_2_/StartService.dll

windows7-x64

3

$_2_/StartService.dll

windows10-2004-x64

3

$_2_/UFDeMux.dll

windows7-x64

3

$_2_/UFDeMux.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-08-2024 05:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/nsisweb.exe

  • Size

    29KB

  • MD5

    3950e11206ad261d52f3fbeb6727f29e

  • SHA1

    ec270419f3e82c8090351400f90136828bdd9e12

  • SHA256

    908e2a5f8729a0808508b3084d0ee904437d29f1364be17d7f4875540c39ac5f

  • SHA512

    1c874c2f60d41528538b436ddf7d72236690f7c34114c286f831af1727da27537c8636184396bbbb8624de8f9ab28c4ae393593fde2aa73e0fb67d3b095c2add

  • SSDEEP

    384:MVP9U9mK3HyAL5XfbiUyjDDE0sQReLUYJLu1wG4bC2:29NKXVTi/j/UTNLWQbC2

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\nsisweb.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\nsisweb.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1724
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4332,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8
    1⤵
      PID:2044

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads