Overview
overview
10Static
static
3HA_SendLin...re.exe
windows7-x64
7HA_SendLin...re.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...sh.dll
windows7-x64
3$PLUGINSDI...sh.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$TEMP/Assi...fy.exe
windows7-x64
8$TEMP/Assi...fy.exe
windows10-2004-x64
8$R0.dll
windows7-x64
8$R0.dll
windows10-2004-x64
8Assist/$R0.dll
windows7-x64
6Assist/$R0.dll
windows10-2004-x64
6$TEMP/DUDU_HH.exe
windows7-x64
10$TEMP/DUDU_HH.exe
windows10-2004-x64
10SendLink.exe
windows7-x64
3SendLink.exe
windows10-2004-x64
3SendLink.url
windows7-x64
6SendLink.url
windows10-2004-x64
3SendLog.html
windows7-x64
3SendLog.html
windows10-2004-x64
3SlideShow.html
windows7-x64
3SlideShow.html
windows10-2004-x64
1Support.url
windows7-x64
5Support.url
windows10-2004-x64
1uninst.exe
windows7-x64
7uninst.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3Analysis
-
max time kernel
95s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
20/09/2024, 03:48
Static task
static1
Behavioral task
behavioral1
Sample
HA_SendLink191_Fire.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
HA_SendLink191_Fire.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Splash.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Splash.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$TEMP/Assist_hanzify.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
$TEMP/Assist_hanzify.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$R0.dll
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
$R0.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Assist/$R0.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Assist/$R0.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$TEMP/DUDU_HH.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$TEMP/DUDU_HH.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
SendLink.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
SendLink.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
SendLink.url
Resource
win7-20240729-en
Behavioral task
behavioral22
Sample
SendLink.url
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
SendLog.html
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
SendLog.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
SlideShow.html
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
SlideShow.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Support.url
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Support.url
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
uninst.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
uninst.exe
Resource
win10v2004-20240910-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
General
-
Target
HA_SendLink191_Fire.exe
-
Size
481KB
-
MD5
c70f92533a5e197dcfdcc2c5edbdd98e
-
SHA1
aab8d6bf5dec47e89bd34ad036b4edbc73444563
-
SHA256
38a285fad90354c149689c2edcfbf2fa37441582fc97abfd4969739bc7df8c02
-
SHA512
fd22a20825ebd1342003210306a3bbf4f1cf9c80d819558543c98f73911b458f71de5d8294e689f265ec2e1366e19522346863934f836fca1fcb2d7874217dc6
-
SSDEEP
6144:FhF2fYDYYD+y82yhRHFSky3XEMV22Jl1F2BjplvitfMLuBTKP1265He0alrUHLY:fUTXJvHFSky3VV5Jl1F2BWBu126deHKU
Malware Config
Signatures
-
Loads dropped DLL 4 IoCs
pid Process 3624 HA_SendLink191_Fire.exe 3624 HA_SendLink191_Fire.exe 3624 HA_SendLink191_Fire.exe 3624 HA_SendLink191_Fire.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HA_SendLink191_Fire.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 5040 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 5040 AUDIODG.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\HA_SendLink191_Fire.exe"C:\Users\Admin\AppData\Local\Temp\HA_SendLink191_Fire.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3624
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x300 0x46c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5040
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD51e8f2fefe3ce893b117b26948b8978cb
SHA159cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
SHA2568203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
SHA512b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c
-
Filesize
4KB
MD5e07ad0d2f86ddf926911e3d2dbc2021e
SHA1370c93de8c9ba9549b0a646b329cb8d2fc7c91f8
SHA2562ada4d9531a62772ddd7eeb0737fe91925982c543990d9c0d4faaadde12b7ed0
SHA512c13747e3cb2d6712f3bf19bfe1bbbab47763239a4e21bbe685edbedae98bda9c7b8e4e06c22e8b7737752a3c3129e07c91c00b6e90ac741e891bc1bfa966fdae
-
Filesize
10KB
MD510c44246d99a1c2e5f5e6b52b111a63d
SHA10f41da79c3e789f4ae38738e3a5d73c538f8af4f
SHA2567a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8
SHA512e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3
-
Filesize
609B
MD527a81c1e326f9a089cce0835e4a4ee7d
SHA15738a2ddf634f4c05837788db761b6f21af3b964
SHA256a9efe9d3e50a54b7dfd6dae11efa9de92eda88080551be094721e297a8e7a560
SHA512adc6c687397a2e676f1fc8ce6b764065be2e3b18de03b2617c15226a7fe14252112e6ada8a5cac795dff3bcc94040464fa89ac86a2180792450d69b94ce7f285