Overview

Task scores (out of 10), from the report's task tabs; sample names abbreviated as in the tabs:
Overview                                    8/10
Static                                      3/10
7934eefc7c...39.exe (windows7-x64)          7/10
7934eefc7c...39.exe (windows10-2004-x64)    8/10
$PLUGINSDI...LL.dll (windows7-x64)          3/10
$PLUGINSDI...LL.dll (windows10-2004-x64)    3/10
$PLUGINSDI...dl.dll (windows7-x64)          3/10
$PLUGINSDI...dl.dll (windows10-2004-x64)    3/10
$PLUGINSDI...FC.dll (windows7-x64)          3/10
$PLUGINSDI...FC.dll (windows10-2004-x64)    3/10
$PLUGINSDI...SC.dll (windows7-x64)          3/10
$PLUGINSDI...SC.dll (windows10-2004-x64)    3/10
$PLUGINSDI...em.dll (windows7-x64)          3/10
$PLUGINSDI...em.dll (windows10-2004-x64)    3/10
$PLUGINSDI...ss.dll (windows7-x64)          3/10
$PLUGINSDI...ss.dll (windows10-2004-x64)    3/10
$PLUGINSDIR/nsSCM.dll (windows7-x64)        3/10
$PLUGINSDIR/nsSCM.dll (windows10-2004-x64)  3/10
$PLUGINSDI...ML.dll (windows7-x64)          3/10
$PLUGINSDI...ML.dll (windows10-2004-x64)    3/10
AxInterop....ib.dll (windows7-x64)          1/10
AxInterop....ib.dll (windows10-2004-x64)    1/10
AxInterop.ViewerX.dll (windows7-x64)        1/10
AxInterop.ViewerX.dll (windows10-2004-x64)  1/10
CagService.exe (windows7-x64)               1/10
CagService.exe (windows10-2004-x64)         1/10
Common.dll (windows7-x64)                   1/10
Common.dll (windows10-2004-x64)             1/10
Core.XmlSe...rs.dll (windows7-x64)          1/10
Core.XmlSe...rs.dll (windows10-2004-x64)    1/10
Core.dll (windows7-x64)                     1/10
Core.dll (windows10-2004-x64)               1/10
CsExec.Service.exe (windows7-x64)           1/10
CsExec.Service.exe (windows10-2004-x64)     1/10

General
Target: 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39.exe
Size: 10.4MB
Sample: 240825-lt69xazdjk
MD5: 8a16c4b0c08337f7e78ae8e04e72bde4
SHA1: 63d3a549702aceed4b3f69cc465a941ff15fefeb
SHA256: 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39
SHA512: c468e5e4ed31a6018ed3cecf4d996239f9a280b66d5f674bf6cf0fab35baefa946399238e99e55816482400235b0ef07d922f0d913ceeb2ad71a79c674da71c8
SSDEEP: 196608:RaZk+wgTIWmKN7oaKn5qVbrQPFOsti7A95DlWR/IT030HyB5Hsi:1ngTIA/KQOE7ALgIT0f5Mi
Tasks
static1 (static task)
behavioral1: 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39.exe, resource win7-20240704-en
behavioral2: 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39.exe, resource win10v2004-20240802-en
behavioral3: $PLUGINSDIR/FindProcDLL.dll, resource win7-20240704-en
behavioral4: $PLUGINSDIR/FindProcDLL.dll, resource win10v2004-20240802-en
behavioral5: $PLUGINSDIR/NSISdl.dll, resource win7-20240705-en
behavioral6: $PLUGINSDIR/NSISdl.dll, resource win10v2004-20240802-en
behavioral7: $PLUGINSDIR/SimpleFC.dll, resource win7-20240708-en
behavioral8: $PLUGINSDIR/SimpleFC.dll, resource win10v2004-20240802-en
behavioral9: $PLUGINSDIR/SimpleSC.dll, resource win7-20240708-en
behavioral10: $PLUGINSDIR/SimpleSC.dll, resource win10v2004-20240802-en
behavioral11: $PLUGINSDIR/System.dll, resource win7-20240708-en
behavioral12: $PLUGINSDIR/System.dll, resource win10v2004-20240802-en
behavioral13: $PLUGINSDIR/nsProcess.dll, resource win7-20240708-en
behavioral14: $PLUGINSDIR/nsProcess.dll, resource win10v2004-20240802-en
behavioral15: $PLUGINSDIR/nsSCM.dll, resource win7-20240705-en
behavioral16: $PLUGINSDIR/nsSCM.dll, resource win10v2004-20240802-en
behavioral17: $PLUGINSDIR/nsisXML.dll, resource win7-20240704-en
behavioral18: $PLUGINSDIR/nsisXML.dll, resource win10v2004-20240802-en
behavioral19: AxInterop.MSTSCLib.dll, resource win7-20240708-en
behavioral20: AxInterop.MSTSCLib.dll, resource win10v2004-20240802-en
behavioral21: AxInterop.ViewerX.dll, resource win7-20240704-en
behavioral22: AxInterop.ViewerX.dll, resource win10v2004-20240802-en
behavioral23: CagService.exe, resource win7-20240704-en
behavioral24: CagService.exe, resource win10v2004-20240802-en
behavioral25: Common.dll, resource win7-20240705-en
behavioral26: Common.dll, resource win10v2004-20240802-en
behavioral27: Core.XmlSerializers.dll, resource win7-20240708-en
behavioral28: Core.XmlSerializers.dll, resource win10v2004-20240802-en
behavioral29: Core.dll, resource win7-20240708-en
behavioral30: Core.dll, resource win10v2004-20240802-en
behavioral31: CsExec.Service.exe, resource win7-20240708-en
behavioral32: CsExec.Service.exe, resource win10v2004-20240802-en
Malware Config

Targets

Target: 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39.exe
Size: 10.4MB
MD5: 8a16c4b0c08337f7e78ae8e04e72bde4
SHA1: 63d3a549702aceed4b3f69cc465a941ff15fefeb
SHA256: 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39
SHA512: c468e5e4ed31a6018ed3cecf4d996239f9a280b66d5f674bf6cf0fab35baefa946399238e99e55816482400235b0ef07d922f0d913ceeb2ad71a79c674da71c8
SSDEEP: 196608:RaZk+wgTIWmKN7oaKn5qVbrQPFOsti7A95DlWR/IT030HyB5Hsi:1ngTIA/KQOE7ALgIT0f5Mi
Signatures:
- Creates new service(s)
- Downloads MZ/PE file
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Enumerates processes with tasklist
Target: $PLUGINSDIR/FindProcDLL.dll
Size: 31KB
MD5: 83cd62eab980e3d64c131799608c8371
SHA1: 5b57a6842a154997e31fab573c5754b358f5dd1c
SHA256: a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
SHA512: 91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
SSDEEP: 384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
Score: 3/10
Target: $PLUGINSDIR/NSISdl.dll
Size: 14KB
MD5: a5f8399a743ab7f9c88c645c35b1ebb5
SHA1: 168f3c158913b0367bf79fa413357fbe97018191
SHA256: dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
SHA512: 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
SSDEEP: 192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score: 3/10
Target: $PLUGINSDIR/SimpleFC.dll
Size: 175KB
MD5: 6d38bb6f6f19c2c22a7ef774bc5d9855
SHA1: 99778940e059238ca23a513e717d4db2cf34e606
SHA256: 11ccded83aff463fb6f754ae4145efac64c9238917ab9a35045a67e4fdb39154
SHA512: 12a3999c73e43f3a07460c16fb6c6867b551a159314df15f05d6b4ffece450764bf1e27bb03ba5e81d8483b793d78d87a50391883bdcf4a441a4cd0e4035bada
SSDEEP: 3072:p2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVIgqKDhq426Au:Ys4zIg+rKTTmnhfAoSxqgNtqX
Score: 3/10
Target: $PLUGINSDIR/SimpleSC.dll
Size: 61KB
MD5: d63975ce28f801f236c4aca5af726961
SHA1: 3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9
SHA256: e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43
SHA512: 8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810
SSDEEP: 1536:i/qXv1si+Xsp9MNptZ8KMT6+nMA4fx+kmA:Bv1EXZnLMT5M3x+km
Score: 3/10
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c17103ae9072a06da581dec998343fc1
SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10
Target: $PLUGINSDIR/nsProcess.dll
Size: 4KB
MD5: 05450face243b3a7472407b999b03a72
SHA1: ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
SHA256: 95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
SHA512: f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b
Score: 3/10
Target: $PLUGINSDIR/nsSCM.dll
Size: 5KB
MD5: 62efa7b730eb0523a026ea4325403b77
SHA1: 806ed3bd677ccf5d9817c9b464015e347f2c8f3c
SHA256: 0b96456e8cf6b3e582388d3e530c73ce9121974381d51e5a21cd945c75fd2a38
SHA512: 748237582e1c25655cf512ec6b1a2f9ad59b3a0da2c3cada535f202dcc66e068ab3bb3be34016f944a4a4fae71a16aea12f9725fe9f679b3fd1073639e31033b
SSDEEP: 96:tqlcg4xFj0Gm+dqJ8tMQluPF/KSEmkpY0Qe1pe:tqlcg43jZRA4Jlpp5Q6e
Score: 3/10
Target: $PLUGINSDIR/nsisXML.dll
Size: 11KB
MD5: 13deb9a0f4e4286df01abc85e1895e09
SHA1: 3174853b32407fd85220de844b390a18a8a76c97
SHA256: c40ef0b41c035b6d29656616ddc113a717bfd1bb78c9fcac75d7b6eefdc7bf83
SHA512: 604aa82a9c4818d2f63fb11bbde561afc137a77e9f3108dfd7f4596524e46ce71b6dc31606bce534b600b250c3b4092a311fd1eced83da01156d5bcfaad7aade
SSDEEP: 192:GRTSl/ex70OJp3U5WtRqRLnOyhb6hz801Sux3ulXhDQR:GRTSl/kfzWIRqRLnOy3mxaX1E
Score: 3/10
Target: AxInterop.MSTSCLib.dll
Size: 240KB
MD5: 0f581e56ed5ba500ce5d98d105b04a37
SHA1: b6e2cade601bc6fd15e7f07ed41a4dfa4ee0a589
SHA256: f041747b5b6b20b6620ca13a7b276c9e9070e54cda8c29f6add54cba9a42a2f5
SHA512: 9034b8c289ce3ac9386d43473a019a9b45d9de82090e7da90c3cfbb00c8e9aa1509eba4787958495ebb928481f7b42edd184ec9e0c0009d4f2f2ec98bbd92fdd
SSDEEP: 1536:/ri+u+4qhkPZVb45mF2UQJlPg85ycFtIhH0rOP7gVzySImpYQ6BDdrMkwbTTj+6v:TuBqhkPZ61wOrOzgVbpx4aX+6C1Z5gd
Score: 1/10
Target: AxInterop.ViewerX.dll
Size: 40KB
MD5: edc5e696c4ad70f0be6301f703ab3672
SHA1: 9c699039715db6bf6746e438991988f9cfaf8ea2
SHA256: c6e5f17b2bc91202a1c6a9f3f0547cd7f208368b4cfebb53f234a55f87c5acd5
SHA512: 58d9441d9648ece7f0284da75fb79777679e4f00610a71399ad2a22df8b418995f6a3fa06d69c17e62faeb3e7f061e3b3ec13ccf2ac00a809832594943c33760
SSDEEP: 384:2rezJLlifR3sVk72M6InhrJqOr9xun+mB1UDn0mVLAp8RQJ:wo3ifYBIpJqe7mUD02ApXJ
Score: 1/10
Target: CagService.exe
Size: 20KB
MD5: 475d122dfc7f38cdc8ada4e78c29476f
SHA1: 4e82b43a568d72d23f69afeaea5123cf0b663e10
SHA256: 524529cb73b924d7cb7c3b6a63537ffbb57c91c1aeee76905ab088b8768bd3a9
SHA512: 86d2ef11072b5daab8b20268ee516885ba9b3b7ec87c753e42032eba30a5c681bc4bad599242d2981b15adfb966ff11b5261e3c5d181314030efc74d2b0b8105
SSDEEP: 384:DDCIU+F4cOgXWJUHkwfrTJHsySIYiMdbqm:deB+N3/Yi3m
Score: 1/10
Target: Common.dll
Size: 17KB
MD5: 5f00964f1ceb0028ffa1d6cb2bb802da
SHA1: 51e1f9dc42cb6154897df79c583940d3cfcc4fe5
SHA256: 63b211fc957d0af9afac3fd7ddaa6fa26910c1609609d093cbba86771b4e6168
SHA512: b2e926dd9988befb3aa066a3e08f3d74049648aa838141f4609c3b0d65a04dcf0c76ebfcdc0aa685c196a24d03f655a7cfa3e311ea28e8ce420d257131a02c90
SSDEEP: 384:t8l6iMRjEdXzqsKORsdsFuJJSIYiMdK6D:S6iMguEFuH/YisD
Score: 1/10
Target: Core.XmlSerializers.dll
Size: 10.6MB
MD5: 8e03044775b38cb3c3a1349a44c87b00
SHA1: 9bcf71e6bfa1e34958f04d4fb22bb85140696329
SHA256: 6b531d00b2481cc14080f6903667f7dd529fa090c2855a777da34ede3173cfd5
SHA512: dff5467bab3ce14c922ec6e7e850af3a7a03e1784bcf1da9f1443f6d3ddf6ff7f2ce0544d8f808562f5a4b14a30896396004cee01d8d7dd810bbc0db5ce13295
SSDEEP: 98304:hm5L3CWeHCloGwJlx1s5l4i8CtlC5ryOBC3+94l1XZe00eO:OLyWeHClNOz1W4R8Aq3w4lA
Score: 1/10
Target: Core.dll
Size: 2.3MB
MD5: c52c091441560c25f69fc82ef963d3cf
SHA1: 5a93e265bb9172a2a7a78e1624df6836a30d3c33
SHA256: 1aea56fad229ead28e18e2ef953e7e949101865dd063bb69df62194880cef037
SHA512: 5e122621a3bf675341724b978f2dde8ccbeb6fc229493bde7a9750be75b3873207a74f2ff0e84e9e80dfc8c4341bd88d4dd2f7d0ee868c6e97603f2508d6e21b
SSDEEP: 24576:hoL5aa+q+Nx6f4zWapi9f8jTFNKE6tK9zMm54o9M5qtyxGX+JaZX442W:hOIa+q+NxlG8jTFUfIGU9r
Score: 1/10
Target: CsExec.Service.exe
Size: 15KB
MD5: 93692fe982ff635bc9286979b9d390f2
SHA1: 704bca5b51f045510a6dbee8bbeb7cfed1916e4b
SHA256: 8af4ccc77c49f775ec8876f41381a922d215ad5141d8509a5ab8bcf03472c65a
SHA512: 74e383b92a349e010df713e4e7384bcbab1a8ae0757796012520d7858972b571379bcad484df6415f5eb0c05c3e9bee9b7842d8fe3bd19d2005d2b8c08b256c2
SSDEEP: 384:ysZOOW1SXLqF9Am3p0vA3C9h0VcSWLreL9/lAKmd+:8SXLqGmavA3Ccnj
Score: 1/10
MITRE ATT&CK Enterprise v15
Tactic / technique (count)

Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  System Services (1)
    Service Execution (1)

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Power Settings (1)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (1)