Overview

overview

9

Static

static

9

3815dcbacb...18.exe

windows7-x64

7

3815dcbacb...18.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

5

$PLUGINSDI...om.dll

windows10-2004-x64

5

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$TEMP/coop...30.exe

windows7-x64

7

$TEMP/coop...30.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$_10_/$_10...er.exe

windows7-x64

3

$_10_/$_10...er.exe

windows10-2004-x64

3

$_10_/CCPM...fo.dll

windows7-x64

6

$_10_/CCPM...fo.dll

windows10-2004-x64

6

$_10_/Coopen.scr

windows7-x64

3

$_10_/Coopen.scr

windows10-2004-x64

3

$_10_/Coop...10.dll

windows7-x64

3

$_10_/Coop...10.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    95s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2024 02:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/coopen_setup_100030.exe

  • Size

    1.2MB

  • MD5

    86417458dc5b33ed2d64ec7ca79be209

  • SHA1

    4786aef18d2409c6e5aa255c4663d455196292ad

  • SHA256

    4b2b035586333f7c16e6035e67bed9f4120b43933e74e8a29f64d04775e86328

  • SHA512

    6b2153538d758b35ebb46cb0ff8485c3f8213c36d6a995329a439826225174333a068dfb08d6755e2fe19f2aa0bd752f962a2bcb80fd9a294f878586ee6e9da3

  • SSDEEP

    24576:kLBUwTKA2P9U/cDeCiFwM9hmYYvNKt6n5duze92xK/zftXhp/:kLqsPihZieBYYvNKt65j2W7tXhF

Score
7/10
discovery

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 15 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\coopen_setup_100030.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\coopen_setup_100030.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4216
    • C:\Program Files (x86)\Coopen\Coopen.exe
      "C:\Program Files (x86)\Coopen\Coopen.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Coopen\Coopen.exe
    Filesize

    90KB

    MD5

    f9193966e62c1956bf3c9a716e958a0e

    SHA1

    87401d4a6cb2f023537398fdbf6fc721cacbd93b

    SHA256

    b6f9170d208cfb347ab0095b811a65a1a717ea1246ca25796923b45d2f986e41

    SHA512

    25d9a1b5c7702ebccbfdbcbdd81f6dc5d0aeb5bb6df4a8e8e05ba7cf5840e92b7e64d448d923775345e860ee5939bb34228de81e4b3044f750bab1b5b44ca3bd

    Download Submit

  • C:\Program Files (x86)\Coopen\conf\Admin.ini
    Filesize

    275B

    MD5

    45615761fcdc2306e492801f6e5572eb

    SHA1

    1537e9241fabe9570c271c3e223ca26bcebd6ecf

    SHA256

    7b85376e33ade41a59d93312938703c1a5f78cc40cd57637fa2f668ab269fdb1

    SHA512

    4a2f2fbb10d58be90ce3e293d44f62054eb376e2056285cc6bf823d537c91b6478bb63213d7a8facf1db25c3c75010eed4756723c2ecdec7af4bea5a59efd30c

    Download Submit

  • C:\Program Files (x86)\Coopen\image\Photo\local Photo\ModeBList.ini
    Filesize

    221B

    MD5

    be5d6be6c04055fa7bdf6f4bd116ada0

    SHA1

    3c775702a7c5796bda82ef931c749ed1acc63764

    SHA256

    38f4b305820feae6925d9fb63545409ff258c265fb68cb2d9431659ce0d6a7a7

    SHA512

    09f241dbe45dff0ff10bdf383ebb9bf98b6f3ca5e1cd8fcbe902d4051dd8170ee5109dbba4c824de38187219fcd8a0b9e16fcea03f9baa0b60a9e4fd495639d2

    Download Submit

  • C:\Program Files (x86)\Coopen\image\Wallpaper\coopen wallpaper\PicList.ini
    Filesize

    183B

    MD5

    b2e4fcaf8fb1aca922b3256ad67cae70

    SHA1

    d5ac71355f67bc5775accb38b569258d1be3dac5

    SHA256

    02650ca3221b02dd208301ae918d8408a015d3783e5096a924884d698f598594

    SHA512

    d93b7b0ad7972dada79b456d8431808cc73d49808730a512a3139011a01f69393298b9c86da68b2c2338bdbc6460e57e12db2ab2c87c0be1b216df34f202f1f3

    Download Submit

  • C:\Program Files (x86)\Coopen\image\Wallpaper\local wallpaper\ModeAList.ini
    Filesize

    182B

    MD5

    4973db85d31a71051d885aabffdd5f91

    SHA1

    08aa158b39486f1ed97047cf1755da40a97dd0f1

    SHA256

    58a7286d3e4d4f7ab7a710fe399a7e4bf098dbc6d5b0d23b5f8020511cbabfdf

    SHA512

    e560d87f1561b09b6379da945f1435d2d6eb84b03078da90cbd63bfaeed8947d6d052329159b88bfe765910ba34ba6a74344543ec33e0fc4ee96fa44da90884f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm7E4A.tmp\KillProcDLL.dll
    Filesize

    4KB

    MD5

    99f345cf51b6c3c317d20a81acb11012

    SHA1

    b3d0355f527c536ea14a8ff51741c8739d66f727

    SHA256

    c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    SHA512

    937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm7E4A.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • memory/4216-11-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4216-41-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4216-43-0x00000000022B1000-0x00000000022B2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4216-28-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4216-29-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4216-139-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4216-21-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4216-14-0x00000000022B1000-0x00000000022B2000-memory.dmp

    Filesize

    4KB

    Download