Overview

overview

7

Static

static

3

Cheat-Master.ru.exe

windows7-x64

3

Cheat-Master.ru.exe

windows10-2004-x64

3

mod_sa for...g).exe

windows7-x64

7

mod_sa for...g).exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...od.dll

windows7-x64

3

$PLUGINSDI...od.dll

windows10-2004-x64

3

$PLUGINSDI...rl.dll

windows7-x64

3

$PLUGINSDI...rl.dll

windows10-2004-x64

3

$PLUGINSDI...og.dll

windows7-x64

3

$PLUGINSDI...og.dll

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

7

$PLUGINSDI...up.exe

windows10-2004-x64

7

Uninstall_...CM.exe

windows7-x64

7

Uninstall_...CM.exe

windows10-2004-x64

7

d3d9.dll

windows7-x64

3

d3d9.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 17:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/dxwebsetup.exe

  • Size

    285KB

  • MD5

    14ca145edd4f381e1adad6c2ceda5e7a

  • SHA1

    1f785ac7c5da7cc2750de9991cbb2d72b570ab82

  • SHA256

    b68ca13c29b2c9ad899f68fe3f9baff7ecbb848e963604ab5f66bcbf420a26c8

  • SHA512

    58c08005db38c9dee19d9ee02717fc9780fcd61a41e14491c51f7f23782511737ec8235637b797b3f83cef4028aad3edf746ab87e02ca08aac2727cd1ba7788f

  • SSDEEP

    6144:nWK8CN+qHUKfw5R8DPv5N6RkMphh++axWzfAHzxHtUiq4:ngKI5R8DpNakMpWn0zmtUiq4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\dxwebsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\dxwebsetup.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll
    Filesize

    93KB

    MD5

    8cb755b5b14674c8f8283ccb20a2298c

    SHA1

    7e519cfffa14a8a0e9f96e1552e3e8e2b35f7b84

    SHA256

    715d2128f5132fc827a5fc7ca83ad15b03eab353e93fa1f99a435fb174829085

    SHA512

    03e0ec41a2eec698c2c01490ce0b0ee5c5dab85390889c20efb5eed97cb3a15668d91903d91a23ebaa76f1f92a44d2e32a920f2eef8bac75acd7a594535c1104

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll
    Filesize

    1.7MB

    MD5

    7191e87049d9f8fbe220e5a7c0a0a5db

    SHA1

    f695639d16b30d010a18838bddda406b0458b8de

    SHA256

    9258ce024b84be2498a4437f9214b8ad9dd44b632200027e13e14fa5ffc008e8

    SHA512

    cd76b9de232faadcd084d1a595a82eafa904b945a487048974d5518bf72f74bebd7b317cd89226531a23ef3b27d476bc091658c25132f9f268c68e0c9ef73a35

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
    Filesize

    539KB

    MD5

    58ebc7d092bf3c697ea6e4fde55260ca

    SHA1

    7ae821ebbf840f0356e8100ef56170cf68c78741

    SHA256

    291fa135e523a13c9d633ab6de0d8f35931f5e502fb57953db2b15bf9aae32a4

    SHA512

    a0b8d41928f7721272a29b4e403ca5d061813f5b1bbbafa8e16819d1568e08907f30990f36a1beb22ec84860e56b0440be25865ab7d897e6f39eec66ab1ce614

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf
    Filesize

    477B

    MD5

    ad8982eaa02c7ad4d7cdcbc248caa941

    SHA1

    4ccd8e038d73a5361d754c7598ed238fc040d16b

    SHA256

    d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00

    SHA512

    5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

    Download Submit