Overview

overview

7

Static

static

3

552ccebe1c...18.exe

windows7-x64

7

552ccebe1c...18.exe

windows10-2004-x64

7

$0/uninstall.exe

windows7-x64

7

$0/uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$0/zwankysearch.dll

windows7-x64

1

$0/zwankysearch.dll

windows10-2004-x64

1

$0/zwankysearch.exe

windows7-x64

3

$0/zwankysearch.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2024, 03:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $0/uninstall.exe

  • Size

    78KB

  • MD5

    490071c63a8583c44546421214809399

  • SHA1

    f2268f3629b25b73b7f3ad984d867be01c19a670

  • SHA256

    8f75ba9703c28b460025e05615222ed2b31e5eed829bfbab30bb029e873c0c24

  • SHA512

    00301e21a10071a875b41ab8dbb715fad81af1c28f2badc8d2580b7b40ef52315fbd4af5e1e9a33c2070c3dc5c818632f0bed98f6e46d0869a3859997e12425b

  • SSDEEP

    1536:PEkjY1zy214Qay0DGkJ7qAELVigJGo5hcpw/1q792sX7Ia12/DY:8kjAJ4dDGkJ+AI0bo1qRka0/U

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 1 IoCs
    installer
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$0\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse18DF.tmp\ioSpecial.ini
    Filesize

    628B

    MD5

    fa4cf1f9e830715b3beb07ab98f5fecb

    SHA1

    9f20abbdafeca383bb4c2b1ba9a5283a66bdc57e

    SHA256

    c2f9501acd84a9afc346a9188b4c0cfedcf09bd9670259ef9e6f98d69e98152a

    SHA512

    745c7957bba982c3e8d6419c48939e4755489e9090ef60811790396b2e62da7a052d4ee25e8ed82d59265abe8294a41232d4246a645a3f4ce74c59f98f72ddcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse18DF.tmp\ioSpecial.ini
    Filesize

    703B

    MD5

    4978cf47380963df6124b520d876fb95

    SHA1

    0bebec1ed9cc0c57f05cbde146f4676ec53b9186

    SHA256

    75b7e11c5d35e1188ba047038972a7a117928e90595bc6454aa7f1b28a93c79d

    SHA512

    6156b50106be202090bcc0c7d23426127408b2fdcb661a586595d3096c56ab54ef90b66036a7cdd1a6798a17b3038d3d13f7699c3f7fecea9717789ad2eedaeb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse18DF.tmp\ioSpecial.ini
    Filesize

    628B

    MD5

    a604abb3529e61794bd73997cb450112

    SHA1

    ae0d61aaa43bb648c64122ec34ec71f347bfd74b

    SHA256

    18e7ddde4ea4b004e6d693e920a6f3a07fc82f417b363982ddd995c4e8412bab

    SHA512

    cbcd3f987893c4a8fac86b85085ceacc4ce10ae6795d41e35c1dc935c14a5157e8986cdf5cd433606a2dc0a2e70e97f2752798bd0a61eccdf40d7e16470bdf01

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nse18DF.tmp\InstallOptions.dll
    Filesize

    13KB

    MD5

    d765c492c21689e3d9d61634371fd861

    SHA1

    ac200933671ae52c9d5544d0e2e8e9144d286c83

    SHA256

    551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    SHA512

    9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nse18DF.tmp\System.dll
    Filesize

    10KB

    MD5

    fe24766ba314f620d57d0cf7339103c0

    SHA1

    8641545f03f03ff07485d6ec4d7b41cbb898c269

    SHA256

    802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    SHA512

    60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    78KB

    MD5

    490071c63a8583c44546421214809399

    SHA1

    f2268f3629b25b73b7f3ad984d867be01c19a670

    SHA256

    8f75ba9703c28b460025e05615222ed2b31e5eed829bfbab30bb029e873c0c24

    SHA512

    00301e21a10071a875b41ab8dbb715fad81af1c28f2badc8d2580b7b40ef52315fbd4af5e1e9a33c2070c3dc5c818632f0bed98f6e46d0869a3859997e12425b

    Download Submit