Overview

overview

10

Static

static

3

315afb5656...18.exe

windows7-x64

10

315afb5656...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Hjd7WQ3n.html

windows7-x64

3

Hjd7WQ3n.html

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

dynamicmenu.js

windows7-x64

3

dynamicmenu.js

windows10-2004-x64

3

news.pl447077777.html

windows7-x64

3

news.pl447077777.html

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-10-2024 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    62KB

  • MD5

    29f0f324b768eb010d87a47e027b3e70

  • SHA1

    419be293b9ff59e114fb55d8e8701f78066e053b

  • SHA256

    35c51add1ca10d624e871df527af21055af029c7e2e4746bb239096af52dc238

  • SHA512

    589fb83f929608b71aa87080ff4a7f206b605c329b3eb082676fc75dff6617698e192a785107a4bce6bf6b9d4abc3a7d4bd7715fd991570b8ad04778e71a6114

  • SSDEEP

    1536:RTdm9B9lYypfMXvugHQ0DbLiNuMgdLeAyNxWpNUT7H:R4lLpkXGED3iNuMceA9I7H

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy8369.tmp\System.dll
    Filesize

    11KB

    MD5

    a4dd044bcd94e9b3370ccf095b31f896

    SHA1

    17c78201323ab2095bc53184aa8267c9187d5173

    SHA256

    2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

    SHA512

    87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy8369.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    b98f45a83c1d09132e1e4ada1387a6f8

    SHA1

    9f0a343ec5060b269d36fe1045cff14185f15d1b

    SHA256

    23661a4b1f3d6744fcdd1b2379e5e602e6cf6bd5950b2d19b844527b2f626e99

    SHA512

    cb446acd93c4dd79e81b920075a7055140b27d3e83b43ad899736a0d37e709974b27c5340a4b864e3b41714523dd4daee07b506a2c40b36f9b9d05fdd5cc2612

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Filesize

    62KB

    MD5

    29f0f324b768eb010d87a47e027b3e70

    SHA1

    419be293b9ff59e114fb55d8e8701f78066e053b

    SHA256

    35c51add1ca10d624e871df527af21055af029c7e2e4746bb239096af52dc238

    SHA512

    589fb83f929608b71aa87080ff4a7f206b605c329b3eb082676fc75dff6617698e192a785107a4bce6bf6b9d4abc3a7d4bd7715fd991570b8ad04778e71a6114

    Download Submit