Analysis

  • max time kernel
    106s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/10/2024, 04:40

General

  • Target

    a795cccfd7a9a219412e630b63851534d1d69cc1baaa0448d8645a2a7031626fN.exe

  • Size

    1.9MB

  • MD5

    7a0b8ea8a4c9566d3eda175e8cf02250

  • SHA1

    14525b4aaa093ccd5a0b0e46f349d8c2cf1a3679

  • SHA256

    a795cccfd7a9a219412e630b63851534d1d69cc1baaa0448d8645a2a7031626f

  • SHA512

    ab1ee2ce4c368e826225a7ffeebb88779bcbbdb2ac44742154812780e49ff1f3bfe81d18b39fbfd4b619596e153e609d33549706f3380850abf3dc0af11a9c6a

  • SSDEEP

    49152:B/MFurieeeaBeHighOrR02axTAZ81BAmontq/OoW:B8ur3YvbVDaxTAZ81BAmong/OoW

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 4 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a795cccfd7a9a219412e630b63851534d1d69cc1baaa0448d8645a2a7031626fN.exe
    "C:\Users\Admin\AppData\Local\Temp\a795cccfd7a9a219412e630b63851534d1d69cc1baaa0448d8645a2a7031626fN.exe"
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2108

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd9A7D.tmp\InstallOptions.dll

    Filesize

    15KB

    MD5

    f00baffebf7cdda9b3f7c4aab55159bb

    SHA1

    7a2a2a994f391abd5cca7b3f2fbac98299914dfb

    SHA256

    9b81f4a1710cc84bd2f8896e738f4c1589648faed8632c7ebfae51df23813eeb

    SHA512

    1ad68e443d94be1c734852f7841d74a0975cf38ad88b071fdf4f4bf9927b66e9fcf544cd77207748a7b895a87b656aa5442ef918f14b22959e208074c9e274cf

  • C:\Users\Admin\AppData\Local\Temp\nsd9A7D.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    996bd0bdcb847d06ea391bf1ce4c6bb8

    SHA1

    e611aec325139c322922d88cccb72cb5e2d64029

    SHA256

    0269940a0088dc3b01ab7f291bac6015d8e3474498ce66460a546f7ece598f38

    SHA512

    5140ecfef8bcd2dcb12a94052a4256d2284bd2a97acae3d97e805fd197285d3bf68aebc3b5e791b08a22a5144660376aa000386ddd556e0b77fd5e42833cece1

  • C:\Users\Admin\AppData\Local\Temp\nsd9A7D.tmp\ioSpecial.ini

    Filesize

    1KB

    MD5

    efcaee2a896f1e8452976a1acbb4579a

    SHA1

    a29aa736bc153be1b900ac6eea55c9f0961e914a

    SHA256

    3ac79eb795b5d5893be60fd4f3d6856a46891bc0877896660346e926c1a495cd

    SHA512

    c40f0ad5064b174b594962b6079821a80fb6f17fa72877326f5e7917f54f73f5bffac928c154612750d1441f3e63aed19ac26be9534b01d9e2d6b152f3ff42e9

  • C:\Users\Admin\AppData\Local\Temp\nsd9A7D.tmp\ioSpecial.ini

    Filesize

    1KB

    MD5

    fc3e8337529a36597abfe43b38d8845f

    SHA1

    c2b54e606a71197453f8e1ee2d139068e5768caa

    SHA256

    a166900902abe789cc55a9246796a8da69019f27b2b57ef07a2a23f8d128c443

    SHA512

    b0dfa85389021111b5ad41ded1ae799ef71e52e9ea1cb08c9fbb13e5452c7c262634c0c1827ce45674e2d65803ea26bb0ce224b177e1d87613005c5febb6418b

  • C:\Windows\SysWOW64\npgrcom5.dll

    Filesize

    265KB

    MD5

    d5568e94377a419c717cacf177dfd13b

    SHA1

    3a66cb516d59c88ce96037613c3cf53ed00cdeac

    SHA256

    02f729cbe64157f0bf93e45b4bc336b66406e1b8a4220dc7ea71dfe299af5bd7

    SHA512

    c37205a813608eb569afe36905c3141bc99b6f142f9ac0c1f43e145bd3ff64c6dcc0a1a0c2c4adcaf08504982411475f10616ecff2ec24fc811f0926e164b621

  • C:\Windows\SysWOW64\npgrweb5.dll

    Filesize

    1.8MB

    MD5

    9ed8e72d9e9d75fcd8f52b04c65a6d8b

    SHA1

    86c787ed723562ca6538f27396b103edc1ed7904

    SHA256

    512bc3780ee690009a803738ba08a8a912f3c49c05f5b6eadcf3fcc256139a75

    SHA512

    23928b4146481b55ab07991560494175f83fa9184f1b50e8d4908a28926437644362362e6a8468359acd00f4c3b489895dd9f66756b17152650417828be676ed

  • memory/2108-92-0x00000000740F0000-0x0000000074580000-memory.dmp

    Filesize

    4.6MB

  • memory/2108-97-0x0000000003D00000-0x0000000003D42000-memory.dmp

    Filesize

    264KB