Overview

overview

7

Static

static

3

3a630afcb6...18.exe

windows7-x64

7

3a630afcb6...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$_10_/$_10...er.exe

windows7-x64

3

$_10_/$_10...er.exe

windows10-2004-x64

3

$_10_/CCPM...fo.dll

windows7-x64

6

$_10_/CCPM...fo.dll

windows10-2004-x64

6

$_10_/Coopen.scr

windows7-x64

3

$_10_/Coopen.scr

windows10-2004-x64

3

$_10_/Coop...10.dll

windows7-x64

3

$_10_/Coop...10.dll

windows10-2004-x64

3

$_10_/CoopenAir.exe

windows7-x64

3

$_10_/CoopenAir.exe

windows10-2004-x64

3

$_10_/Coop...ry.dll

windows7-x64

3

$_10_/Coop...ry.dll

windows10-2004-x64

3

$_10_/Coop...er.dll

windows7-x64

6

$_10_/Coop...er.dll

windows10-2004-x64

3

Coopen.exe

windows7-x64

3

Coopen.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_10_/CoopenLottery.dll

  • Size

    464KB

  • MD5

    0279ba094e7ba00c168c34af9b10e76d

  • SHA1

    035ce61141f04d19d5b42c14e3273617e600b66f

  • SHA256

    1cc7c64fa43e5a432562c8b2835888377f7d23bf81f6955f3588c856362619da

  • SHA512

    bb40deb6656cbefc98b836c73a9cb3f2b9642df7f3af2786171e4cc98ec789f3cbf435c4afd88d4b256ee37d98daa3ae9ffb7f18a3702acd43c41fdca6e03853

  • SSDEEP

    6144:tXBF2vDhOIMUAvyWS2GLdV4m/pVn9YZPb0OW64mGSIeiHWzLnjj/a:ovDhhXgPBud2IiFi6XGSpi23PC

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_10_\CoopenLottery.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_10_\CoopenLottery.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads