Overview

overview

8

Static

static

3

7de8180e9f...9a.exe

windows7-x64

7

7de8180e9f...9a.exe

windows10-2004-x64

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7de8180e9f1ceca40237aac18aad65a1b77cd2ac6b5d5e62313de3d5a7beb69a.exe

  • Size

    19.3MB

  • MD5

    eae570f6f6eac4864a9c648d81c274aa

  • SHA1

    199f5e14447a8c3ed91400774bb57e14aff10cbf

  • SHA256

    7de8180e9f1ceca40237aac18aad65a1b77cd2ac6b5d5e62313de3d5a7beb69a

  • SHA512

    aeef331f3d83b6abf988617e31156f2ca44b4e1deca796c938ef215362051767baf2ffdc3b9138557e87f0a64381a688eae3ded50663d7770b908e7397897181

  • SSDEEP

    393216:BrV+jxMXcxLYi2nZRjbdDjQchr1sLZAg2zIW64Ld1ZTbqg0B1ffb:7+jxScmfnZpNjx1sLXgLLLxT2Hl

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 10 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7de8180e9f1ceca40237aac18aad65a1b77cd2ac6b5d5e62313de3d5a7beb69a.exe
    "C:\Users\Admin\AppData\Local\Temp\7de8180e9f1ceca40237aac18aad65a1b77cd2ac6b5d5e62313de3d5a7beb69a.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:292
      • C:\Users\Admin\AppData\Local\PlayingWarned\app-1.0.0\Playing�Warned.exe
        "C:\Users\Admin\AppData\Local\PlayingWarned\app-1.0.0\Playing�Warned.exe" --squirrel-firstrun
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2704
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 2704 -s 92
          4⤵
          • Loads dropped DLL
          PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\PlayingWarned\Playing�Warned.exe
    Filesize

    190KB

    MD5

    5b6e870a291b21da13e15c42a932d12b

    SHA1

    67aa9814c6e2dea564edd78fe35035f30a3c5b47

    SHA256

    9b652a6b323652b45249944a8f56a6f9926b069a58da57a6388ec89b48e20cb1

    SHA512

    54b8ef29820d466f78361a9226b6af17b1f9a0f5b7f0049e854929bc0d829c25268ae9ee06eb6485e97e5cebe942d5a19865c5338df134ddcab427ed9917974e

    Download Submit

  • C:\Users\Admin\AppData\Local\SquirrelTemp\PlayingWarned-1.0.0-full.nupkg
    Filesize

    18.4MB

    MD5

    e14a5e8780e8b0c352f55a408752b05e

    SHA1

    264f5f78c4bc66f13705938a04555cd70cb020b1

    SHA256

    31376171c0383a5177b5c8e7f97b06eae0b633d340ffb802c84a7a0fb90cdad1

    SHA512

    e727cff1991166b913edc82ab9d858f90a600c096cf8ad6daffb949970df978ce5b69626424e950cbabf5ae31b5f8b00789c7f02ec0b9f03ba25a15eaf162f01

    Download Submit

  • C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
    Filesize

    83B

    MD5

    3f0c735f19318379c55ea1446e023287

    SHA1

    628917693760fdfa1545ce17e61489f0c42ef154

    SHA256

    e92d6bebdacec1966574f09a211350978092fc18a87f4272de58d512d626d0cb

    SHA512

    fbde3712c7208df56a00400404fd24e272e7b3669b3f55d8e99e62879201a3f3b78a87e07dbe20be8208319641eb97e1e6e5d50f82421629133fc6b52a66d740

    Download Submit

  • \Users\Admin\AppData\Local\PlayingWarned\app-1.0.0\Playing�Warned.exe
    Filesize

    29.1MB

    MD5

    fb02cfc7c427c49f3154b0cf903a48dc

    SHA1

    27c7608fdb0129894a949dd6dbdf0c84e9e1a864

    SHA256

    c8ba4f704b476f96389bdee5700ab645c7bade78c24da4bfdc6c687db5d2a3cb

    SHA512

    5aa964b30fd31f492405710b360f582ce4961a5ead323e74d06670cd1d4752a94820e98ad82795394c28eb66e749b1d3a8e210035b1953b2e6aca22db1222f8e

    Download Submit

  • \Users\Admin\AppData\Local\PlayingWarned\app-1.0.0\version.dll
    Filesize

    29KB

    MD5

    b85c7e5c747d8c73d0bc0cc79c76fc65

    SHA1

    8112f4c7550a8f03ec766a8464066fd7436b1524

    SHA256

    892f1f48f6912fb3a2802de052121a0f7780582f71dc6e2778094941405a3c02

    SHA512

    e8f313e480ffb3450c3d10f4fd0c9f740ae6b82c2fa6a82e55bd90082243f4a08ac3adf53d38bed7dbe019df981ae4c39513be0242f4109f3e2fd12d37687d3a

    Download Submit

  • \Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    Filesize

    1.8MB

    MD5

    a560bad9e373ea5223792d60bede2b13

    SHA1

    82a0da9b52741d8994f28ad9ed6cbd3e6d3538fa

    SHA256

    76359cd4b0349a83337b941332ad042c90351c2bb0a4628307740324c97984cc

    SHA512

    58a1b4e1580273e1e5021dd2309b1841767d2a4be76ab4a7d4ff11b53fa9de068f6da67bf0dccfb19b4c91351387c0e6e200a2a864ec3fa737a1cb0970c8242c

    Download Submit

  • memory/292-11-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/292-8-0x0000000000F30000-0x0000000001106000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/292-7-0x000007FEF55F3000-0x000007FEF55F4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/292-75-0x00000000007C0000-0x00000000007CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/292-74-0x00000000007C0000-0x00000000007CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/292-76-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/292-78-0x00000000007C0000-0x00000000007CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/292-77-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

    Filesize

    9.9MB

    Download