Overview

overview

7

Static

static

3

c085a92187...18.exe

windows7-x64

7

c085a92187...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$R0.dll

windows7-x64

3

$R0.dll

windows10-2004-x64

3

$R2/NSIS.L...0_.exe

windows7-x64

1

$R2/NSIS.L...0_.exe

windows10-2004-x64

3

$TEMP/CloudTool.exe

windows7-x64

1

$TEMP/CloudTool.exe

windows10-2004-x64

3

$TEMP/LongRADrv.sys

windows7-x64

1

$TEMP/LongRADrv.sys

windows10-2004-x64

1

$TEMP/LongRADrv2K.sys

windows7-x64

1

$TEMP/LongRADrv2K.sys

windows10-2004-x64

1

7zxr.dll

windows7-x64

3

7zxr.dll

windows10-2004-x64

3

LongRADrv.sys

windows7-x64

1

LongRADrv.sys

windows10-2004-x64

1

LongRADrv2K.sys

windows7-x64

1

LongRADrv2K.sys

windows10-2004-x64

1

LongRAShell.exe

windows7-x64

3

LongRAShell.exe

windows10-2004-x64

3

cloud.exe

windows7-x64

3

cloud.exe

windows10-2004-x64

3

mycompress.dll

windows7-x64

3

mycompress.dll

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

LongRADrv.sys

windows7-x64

1

LongRADrv.sys

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    76KB

  • MD5

    6f3832b6e799df1eff3412230cb27186

  • SHA1

    038fab84d662eb5ec0ee2e8876cfc76df0d664bc

  • SHA256

    baa4d062e62105ee60d54206e7750ab57a52a83e353fedc4a9e3bc12ff33bb30

  • SHA512

    c0d56863a151136ffd4543a11d4e6a25e0b2f05186aec016afe1febffef1c92155e3a700e678738cae14a86ac3658d644ab96f70c8cff0dccd7fa875aa6de46e

  • SSDEEP

    1536:Cppal05FyuC/jL052PgFEla4ZJJcCakPohDcA+MnTj1QxJAkLS6pbjD8:Cp8l05FyX0mpa4ZJJc76A+1tLTpjo

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe" "http://www.yunduan.cn/youradvice.php?code=&a=&b="
        3⤵
          PID:2096
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.yunduan.cn/youradvice.php?code=&a=&b=
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2548

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      24fe4b23293d067ab24a9721c88dfae2

      SHA1

      86c830dbdfa9220a34df011c2133b7caeca5683f

      SHA256

      958dbdd8acccb0171724f3fd8e81414c67e971d26e86c16c483acf20c4d16adb

      SHA512

      313a2131c239df402773f6d91642d476d2b08c6c8fc58532c52ddb1c69862af4b9520f1f040044f953db44902ae0cc5f5d1ed3e366e7426f108dfa767debfacc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      e27ff4e33f3c6eb3d60a51443e67e353

      SHA1

      c262e86587f6c36171138511bd0e1ea7a66ec837

      SHA256

      52f9952f64672c21c1a9169ba0e1d3260858b6806d266b517c97052bd0acef5c

      SHA512

      d5c221219a456ec03d1714320fec583ce9e30de060e53f016b6278cc1b4968d834f608d38468d3d4ca19b7d1be4ebb174b0178642061c454487669fceae0924f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      87661a9471d4fc41a7746f787e65b5b4

      SHA1

      faa73c5bbaad0c8d9713fde156d4c5da45c97709

      SHA256

      99b6e57acbb78e1110117f64cb0e30ca9c341804fd8e86824e66382aa8868c1d

      SHA512

      f68050ff077fa45b288d077544baa78ced80545d706c9a0ada78ed370adcb7c64c1ecf9277c94221436228cc087d993369664ca48c86e8cb939c3250e326cb8f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      0c67ab859476b97477786b8476bda7cb

      SHA1

      df0d723da1b3ddacf354a3660288208bbd31d085

      SHA256

      cd97212df0a0c43359e7cad75ef2f4fb3f884d7e7a6cf544bb5c3416793de993

      SHA512

      5ecfbdbc45a409fbfa7977e72aa8acad12d5f55ce78fbf3d8ce649d5e782dc77aeaa4cbd291d49b6acb9ce633e2ff43c242d6d266f955618a2b1a4274a7f6256

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      bb7051825cf1ae5fbad29e19f9e592a1

      SHA1

      866eff42912a58f3fc99dc1c2cf43056e518c331

      SHA256

      67516ce24149634c797f13e974885bd528edaa397856f0ee103844bb48db7378

      SHA512

      4987e0e156f54db0e2bd3951c5646b29f9cda371878083ee48847df7840981c6f04b682297cdb17827af3ff685cd5f178da35c92f0555faa407b5ef71ca58ed1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      cdcd65220bc301f9253ea1b984280773

      SHA1

      3b616e97ff72a3cc5dc41b9e8f05823b131733d6

      SHA256

      ea1cfceac8a73b9d0271737edbf43bee4b6c133f48f07edb71e48b387f3d3817

      SHA512

      f8cb7e32ddfb0072599b40a2cb2cccb5cf690e6c0954ce13734f5a316a704b2ebf85beb194ce7ca5baeac94f8fae80b896f2604df26d2ebfb7a7e69d286f2b20

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      6324c77dd07ea77cc7bbca5d481be0fd

      SHA1

      39bc66817532e1eb1ab1490c7b33b44b917c2e32

      SHA256

      91fac7ce28af4c548d2b9e8a27ac3de25870b7ba2e1762ccfa30dc5bdadf240b

      SHA512

      ad69d78ccda39581656bc0103549e0af8d7abb65d616ff3e63302323e87ba0f21c8e1885655e603b5b29c2d447cdc20763d5644d28797eee8634fdc02783af34

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      13f278f46d1fcb593eb4bad22400ec61

      SHA1

      946871182b5396755335ea1246bbd1a8aade66bf

      SHA256

      560f4d24f425df2ec0b9ccf8e85aed44996bdf9e6e51f7455f6b42511532b19c

      SHA512

      ed46c2cff5f1049fc149898383e9d8a66f20d87c40141cfe43201aced8a44c883a5a5297e5e9620dc7fad2d701fc2d17f9f19ae6b70263c0cf3e31a5bc8c4ba3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      b02fba3b7b7dc8860a88eebd93e5a43a

      SHA1

      432ee9fb5f20953651a889c193964060aa36a712

      SHA256

      b653aac268128ecd7427d9f01dd9ce10e448b11938e65b78ffbb9d02a4b170d5

      SHA512

      c743a0573b8c53cad5868c546b67c20e57be72936b3f7d484931fb9757434c64da5543de4594c3a2815ea5460e90fa12a153c1a9b35b2200d67d56edd977f33a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      3cf14bcfb1ab58621cee772b33c656e6

      SHA1

      c93f313b5c25d6d315255a6c3002f8c60721e537

      SHA256

      57774c3200666e5e267190e1a99126f17a0cf9502b03d6145b186698118fc80b

      SHA512

      7e132efa1fbee8056cda87e6970b377ad6e0f19bcbdbae30a3ac95030e14a7caab216d1b5ce7c44a4635c1f562343398ac5b6a68bab6797bd82f3351b07e1706

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      422a56a1c01fe34b66b692aa70da202e

      SHA1

      f23f2a076408c89f8e8b7566f356a8a2bf9336f0

      SHA256

      7907bf4189e492d0882a5b08aef4721d88edf00f6d4066fff6f4a62b11d5750e

      SHA512

      b28984ac7e2334f0d207010b10edfa9fd2101cd7b0395a6143edbc1962f929d29edd4063ad40542bfed3a57ed59f902674c1c743accca4676cc2a01aab7e7733

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3749.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3846.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      Filesize

      76KB

      MD5

      6f3832b6e799df1eff3412230cb27186

      SHA1

      038fab84d662eb5ec0ee2e8876cfc76df0d664bc

      SHA256

      baa4d062e62105ee60d54206e7750ab57a52a83e353fedc4a9e3bc12ff33bb30

      SHA512

      c0d56863a151136ffd4543a11d4e6a25e0b2f05186aec016afe1febffef1c92155e3a700e678738cae14a86ac3658d644ab96f70c8cff0dccd7fa875aa6de46e

      Download Submit