55f56a1c210c1dff9fea6f0ad4bfb83b794b236b7bad36951f9f2397494185cf

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/$_279_/ProxyInstaller.exe
Size

79KB
MD5

72e5a90b1f5fc94b29efd45b9a956235
SHA1

2cd1a3a1e68e1702264f2d887a0c435c9ea2793f
SHA256

5a80fb4d5951a2e8d51c28839ecc6c26b36a427233ee60547d436224d2cc04a9
SHA512

c646e045f643f2f2991dd2de6c7d29223ba1cb432698a4af7420e79b3c83f6f32876cf2d46aef061385049a85603ee15fb806b0a9e87658b2151de1df08528ad
SSDEEP

1536:UVdePelp2Xy+tuQOzOYE5aXPnNF80LlIhFtTM4fFMS0X1u0:nweqOYEUXPnRZMTOjXU0

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2436	ProxyInstaller.exe
2436	ProxyInstaller.exe
2436	ProxyInstaller.exe
2436	ProxyInstaller.exe
2436	ProxyInstaller.exe
2436	ProxyInstaller.exe
2436	ProxyInstaller.exe
2436	ProxyInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ProxyInstaller.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\$_279_\ProxyInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\$_279_\ProxyInstaller.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nskA556.tmp\System.dll

Filesize
17KB

MD5
a4f38d1c7a480f5da1bb8097b8b939db

SHA1
b3129c2a0e61881381463f5e0cbbffa573daa845

SHA256
e1180e1e3344c7536150275e33de53dc1dd1a3ca03be66c4d4875fe5bcd4e436

SHA512
fed89f7ee9364fc2f4b9f82c4563713497043947e98dbb03e7d755681adf3ae661aba80d08e59988a23695fc64481b69d9842b7ec7d2b572cc872c4c9957febc

Download Submit
\Users\Admin\AppData\Local\Temp\nskA556.tmp\inetc.dll

Filesize
29KB

MD5
dccdcb124064a1d9a5eb12232348b898

SHA1
f294fac154cb1c6c18fe054ac584f767594b93fb

SHA256
37adc0183d94ae6ca1895643423dac0c97750d7103e6b00c14299dfc4ad2271e

SHA512
bd89bcd513bb7120db80e1115b4caceaa18c4ea863fe29b232002d447c3813133ff2849fcb2d4df45e3ff67e0e0d9d340d61060b9c74045b17efa5b1c1f5b05e

Download Submit