Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/08/2024, 19:52 UTC

General

  • Target

    $PLUGINSDIR/cadstub.exe

  • Size

    129KB

  • MD5

    fd34dc1b1deb083654ebcb9290414597

  • SHA1

    b72fa361b85563a6ee3e7b16c777aa4aab4172b3

  • SHA256

    f4131fe9e3d620027fe28b482a2568c1f3d4ea89d0561c0ea1a6d0c175c38f55

  • SHA512

    e92a4b99f7b9c08373f6076f29f233c589a295091e8a1cee49b224001b74024adf46439a9f90d710bf85824fd7b04c76649df7f8dc678dd249f5514945bec597

  • SSDEEP

    3072:sgXdZt9P6D3XJCjHwNhDmvKyOuSIU5c/S8HFELOkNhDd:se34qEDmvKy7SIU5tSuFDd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\cadstub.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\cadstub.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nsoCA81.tmp\inetc.dll

    Filesize

    24KB

    MD5

    1efbbf5a54eb145a1a422046fd8dfb2c

    SHA1

    ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

    SHA256

    983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

    SHA512

    7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb
