Overview

overview

7

Static

static

7

d4c8a3819b...0N.exe

windows7-x64

7

d4c8a3819b...0N.exe

windows10-2004-x64

7

"aminstall.dll

windows7-x64

3

"aminstall.dll

windows10-2004-x64

3

"solitaire.exe

windows7-x64

3

"solitaire.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

fmod.dll

windows7-x64

7

fmod.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    114s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/09/2024, 05:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    66KB

  • MD5

    86545cc1d7a3fb9fbb64c892a680b52e

  • SHA1

    886126e346fff55cd4f5fed002808bc8a686d8ff

  • SHA256

    4467f1b1c277eb2019e67372b6ef4cfb3dfbae812f82c3fd111f11a92a9c8ba2

  • SHA512

    778691da163c66ff516c633668d1a861af7dd7bb02701d31d0885ea0e009a6744f724df59c0524ef04c2faaac55091d5e0de68acb79ad8489a3d4922d1dd84db

  • SSDEEP

    1536:XKe0DnjRrJav2FnUIRr2vMYBJvqAELVigvHhn1bi+v/5Qmdm:XGD11a8YBJSAI0Q1bmOm

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 1 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe
      "C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3800
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4396,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
    1⤵
      PID:512

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe
      Filesize

      66KB

      MD5

      86545cc1d7a3fb9fbb64c892a680b52e

      SHA1

      886126e346fff55cd4f5fed002808bc8a686d8ff

      SHA256

      4467f1b1c277eb2019e67372b6ef4cfb3dfbae812f82c3fd111f11a92a9c8ba2

      SHA512

      778691da163c66ff516c633668d1a861af7dd7bb02701d31d0885ea0e009a6744f724df59c0524ef04c2faaac55091d5e0de68acb79ad8489a3d4922d1dd84db

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsp510A.tmp\InstallOptions.dll
      Filesize

      12KB

      MD5

      4c7d97d0786ff08b20d0e8315b5fc3cb

      SHA1

      bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

      SHA256

      75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

      SHA512

      f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsp510A.tmp\ioSpecial.ini
      Filesize

      610B

      MD5

      07072da3b796e03e8766b52b0ddc433f

      SHA1

      7a666bf3070c8b312f2f4ac004d656a47a5b9fb9

      SHA256

      8fee907fb8e66bf32069123067292bed60a6c8a1942df9f3a79d7bfc89d6a86f

      SHA512

      44a5d7586d70c727d023e47eb6c8c953fe552a3c1234f023b6e6ce19e726afcfc61f95fcd900acc49e2810a250637430d7137a1c77326eb7d9484d2c76f3bb84

      Download Submit