Overview

Score: 7/10

Tasks (one static task plus one behavioral task per extracted file and platform; score per task out of 10; sample names are shown truncated exactly as in the report, the full paths are listed under Static task / Behavioral task below, in the same order):

  Task           Sample (as displayed)    Platform             Score
  static1        static                   -                    3
  behavioral1    b2c10de5a8...a3.exe      windows7-x64         7
  behavioral2    b2c10de5a8...a3.exe      windows10-2004-x64   7
  behavioral3    $PLUGINSDI...em.dll      windows7-x64         3
  behavioral4    $PLUGINSDI...em.dll      windows10-2004-x64   3
  behavioral5    $PLUGINSDI...fo.dll      windows7-x64         3
  behavioral6    $PLUGINSDI...fo.dll      windows10-2004-x64   3
  behavioral7    $SYSDIR/NX...KF.dll      windows7-x64         3
  behavioral8    $SYSDIR/NX...KF.dll      windows10-2004-x64   3
  behavioral9    $SYSDIR/NXYUKEY.dll      windows7-x64         3
  behavioral10   $SYSDIR/NXYUKEY.dll      windows10-2004-x64   3
  behavioral11   $SYSDIR/NX...HB.dll      windows7-x64         3
  behavioral12   $SYSDIR/NX...HB.dll      windows10-2004-x64   3
  behavioral13   $SYSDIR/NX...HB.dll      windows7-x64         3
  behavioral14   $SYSDIR/NX...HB.dll      windows10-2004-x64   3
  behavioral15   $WINDIR/sy...64.dll      windows7-x64         1
  behavioral16   $WINDIR/sy...64.dll      windows10-2004-x64   1
  behavioral17   $WINDIR/sy...EY.dll      windows7-x64         7
  behavioral18   $WINDIR/sy...EY.dll      windows10-2004-x64   7
  behavioral19   $WINDIR/sy...HB.dll      windows7-x64         7
  behavioral20   $WINDIR/sy...HB.dll      windows10-2004-x64   7
  behavioral21   $WINDIR/sy...HB.dll      windows7-x64         1
  behavioral22   $WINDIR/sy...HB.dll      windows10-2004-x64   1
  behavioral23   NXYCSP_82_HB.dll         windows7-x64         3
  behavioral24   NXYCSP_82_HB.dll         windows10-2004-x64   3
  behavioral25   NXYCSP_82_HB0409.dll     windows7-x64         1
  behavioral26   NXYCSP_82_HB0409.dll     windows10-2004-x64   1
  behavioral27   NXYCSP_82_HB0804.chm     windows7-x64         1
  behavioral28   NXYCSP_82_HB0804.chm     windows10-2004-x64   1
  behavioral29   NXYCSP_82_HB0C04.dll     windows7-x64         1
  behavioral30   NXYCSP_82_HB0C04.dll     windows10-2004-x64   1
  behavioral31   NXYCSP_82_HB64.dll       windows7-x64         1
  behavioral32   NXYCSP_82_HB64.dll       windows10-2004-x64   1

General

  Target:    b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3
  Size:      755KB
  Sample ID: 241031-j98rkawman
  MD5:       e6130e00b6c86753b9f94ddb6d4a1eeb
  SHA1:      8a80ca1905f3727bb359a7f7408efd0c72579425
  SHA256:    b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3
  SHA512:    61341a02ab0c67d364aafed4878aea2392d4922f1d712e61aabd6cf8627845e178c8655c06dbcfabbb24e77a5e5f8834094bc874f77a4d8b09945d31bc81beb5
  SSDEEP:    12288:nSakcarsQeQzb6bn7V0S2dc864XRYUVkaNumwFrCcplljtqKHfU3lC9LA6+w4oi1:SahceqG3V0c864CFawmwFmklUlCXQ
Static task

  static1

Behavioral tasks (Resource is the sandbox image the task ran in)

  Task           Sample                                                                  Resource
  behavioral1    b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3.exe   win7-20240708-en
  behavioral2    b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3.exe   win10v2004-20241007-en
  behavioral3    $PLUGINSDIR/System.dll                                                  win7-20241023-en
  behavioral4    $PLUGINSDIR/System.dll                                                  win10v2004-20241007-en
  behavioral5    $PLUGINSDIR/UserInfo.dll                                                win7-20241010-en
  behavioral6    $PLUGINSDIR/UserInfo.dll                                                win10v2004-20241007-en
  behavioral7    $SYSDIR/NXYCSP_82_HB_SKF.dll                                            win7-20241010-en
  behavioral8    $SYSDIR/NXYCSP_82_HB_SKF.dll                                            win10v2004-20241007-en
  behavioral9    $SYSDIR/NXYUKEY.dll                                                     win7-20241010-en
  behavioral10   $SYSDIR/NXYUKEY.dll                                                     win10v2004-20241007-en
  behavioral11   $SYSDIR/NXYUKEY_HB.dll                                                  win7-20240903-en
  behavioral12   $SYSDIR/NXYUKEY_HB.dll                                                  win10v2004-20241007-en
  behavioral13   $SYSDIR/NXYUSB_82_HB.dll                                                win7-20240708-en
  behavioral14   $SYSDIR/NXYUSB_82_HB.dll                                                win10v2004-20241007-en
  behavioral15   $WINDIR/system32/NXYCSP_82_HB_SKF64.dll                                 win7-20240903-en
  behavioral16   $WINDIR/system32/NXYCSP_82_HB_SKF64.dll                                 win10v2004-20241007-en
  behavioral17   $WINDIR/system32/NXYUKEY.dll                                            win7-20241010-en
  behavioral18   $WINDIR/system32/NXYUKEY.dll                                            win10v2004-20241007-en
  behavioral19   $WINDIR/system32/NXYUKEY_HB.dll                                         win7-20241023-en
  behavioral20   $WINDIR/system32/NXYUKEY_HB.dll                                         win10v2004-20241007-en
  behavioral21   $WINDIR/system32/NXYUSB_82_HB.dll                                       win7-20240903-en
  behavioral22   $WINDIR/system32/NXYUSB_82_HB.dll                                       win10v2004-20241007-en
  behavioral23   NXYCSP_82_HB.dll                                                        win7-20240903-en
  behavioral24   NXYCSP_82_HB.dll                                                        win10v2004-20241007-en
  behavioral25   NXYCSP_82_HB0409.dll                                                    win7-20240708-en
  behavioral26   NXYCSP_82_HB0409.dll                                                    win10v2004-20241007-en
  behavioral27   NXYCSP_82_HB0804.chm                                                    win7-20241010-en
  behavioral28   NXYCSP_82_HB0804.chm                                                    win10v2004-20241007-en
  behavioral29   NXYCSP_82_HB0C04.dll                                                    win7-20240903-en
  behavioral30   NXYCSP_82_HB0C04.dll                                                    win10v2004-20241007-en
  behavioral31   NXYCSP_82_HB64.dll                                                      win7-20240903-en
  behavioral32   NXYCSP_82_HB64.dll                                                      win10v2004-20241007-en
Malware Config

  (no configuration extracted)

Targets

Score is the sandbox's per-target rating out of 10; the entries under "Signatures" are the behaviour signatures that fired in that target's tasks. $PLUGINSDIR, $SYSDIR and $WINDIR are NSIS installer variables, and System.dll and UserInfo.dll under $PLUGINSDIR are the stock NSIS plug-ins, which identifies the primary sample as an NSIS installer. Files that appear under both $SYSDIR and $WINDIR/system32 have different hashes (and, except for NXYUSB_82_HB.dll, different sizes), so they are distinct builds rather than copies of one file.

Target: b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3
  Size:   755KB
  MD5:    e6130e00b6c86753b9f94ddb6d4a1eeb
  SHA1:   8a80ca1905f3727bb359a7f7408efd0c72579425
  SHA256: b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3
  SHA512: 61341a02ab0c67d364aafed4878aea2392d4922f1d712e61aabd6cf8627845e178c8655c06dbcfabbb24e77a5e5f8834094bc874f77a4d8b09945d31bc81beb5
  SSDEEP: 12288:nSakcarsQeQzb6bn7V0S2dc864XRYUVkaNumwFrCcplljtqKHfU3lC9LA6+w4oi1:SahceqG3V0c864CFawmwFmklUlCXQ
  Score:  7/10
  Signatures:
  - Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Modifies WinLogon
  - Drops file in System32 directory

Target: $PLUGINSDIR/System.dll
  Size:   12KB
  MD5:    cff85c549d536f651d4fb8387f1976f2
  SHA1:   d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
  SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
  SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
  SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
  Score:  3/10
  Signatures: none

Target: $PLUGINSDIR/UserInfo.dll
  Size:   4KB
  MD5:    2f69afa9d17a5245ec9b5bb03d56f63c
  SHA1:   e0a133222136b3d4783e965513a690c23826aec9
  SHA256: e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
  SHA512: bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926
  Score:  3/10
  Signatures: none

Target: $SYSDIR/NXYCSP_82_HB_SKF.dll
  Size:   612KB
  MD5:    99f5ef6c49e60d4a6100a7e114ae565f
  SHA1:   d5c82c5b8d8035a09f91cc054b1500312bfb2d63
  SHA256: 4a766d7d13b387bbc820d48c8085531b6f18c8e5c82ca9051363a0bc3a3e24a0
  SHA512: 01869c7593598d05d9a2eb6dcf156066782e8e28e667c2a89a714173919604e0809e6188725394056137e51c07f09b32845ac39c7fff3dae2d6d178b1bd5e2b2
  SSDEEP: 6144:XP10YQq5xYzfxjtorBdfLUL9pv7enw4yfG4+jIeLapFVx:XJ5xYzkrPfAZJ7enw4yfG4+jRL6Xx
  Score:  3/10
  Signatures: none

Target: $SYSDIR/NXYUKEY.dll
  Size:   46KB
  MD5:    9056181bf1e131ea1fbe79bc30182c0b
  SHA1:   f5a863efb9a7dc7ff4058f7def7d1290d9f01262
  SHA256: 4d033559167e53accb8224937c16f319bcb270fca3cfbdbd52218d9e7e0e9d9d
  SHA512: 7c5ddb04e2254b938269269239c6c3d5fda3763c4ba9c9324c9ffff96120ceb56dd75e71b167977971408292c683df4c921a370f991ceddbfd354f9fef5e105f
  SSDEEP: 768:fDmFwe6ZM9H12/nlx8/d4T1BSe/IZEOdjx:fDmFwe6aOnlx8/dC1BSCIZvd
  Score:  3/10
  Signatures: none

Target: $SYSDIR/NXYUKEY_HB.dll
  Size:   74KB
  MD5:    17f390de566bbc388bca8ea0e1d39fbd
  SHA1:   6f07a83dad22a592cb252a6dfdeef43581603df8
  SHA256: 4098bb76fdc46e47c981b645eef1234f7981fcaea69e9c8809f705f277995d9c
  SHA512: 5954809a23fbc21c9c621473e27faa4cf4460a5c712608492887333dda84aba041ec4394f45ac2593703f0a4db7625c2d63be65f263c1cd0a9dc904d3e047aa1
  SSDEEP: 1536:TqhtEFhB329t/iZC9nW1BtaIU+3zkx8/PzI6er:Tqhr9ZiZogBtaIU+3zw8k6e
  Score:  3/10
  Signatures: none

Target: $SYSDIR/NXYUSB_82_HB.dll
  Size:   476KB
  MD5:    0ed120a375f739507ebabbcc51083566
  SHA1:   957be8c85111af3382156ede5627add200a2f37e
  SHA256: 5c7f23027bf450205e5ab60a0e774b69c74a2d33497714ea0620d45ff65bb037
  SHA512: 3bf75b40556bda29d93246f55b4c85ff701105a3c6bb5fb5064adebd5ff100d985de296e1462920a717d78f1135262f05f0c16be41463e13317530b9e61a466c
  SSDEEP: 3072:+0rgeRWt61Bxx4ixMg/WBw6oyjkjle2l9rJLlHDIyuKh7LapttBrdiPE:rz74KOBcdjIeLapHZ
  Score:  3/10
  Signatures: none

Target: $WINDIR/system32/NXYCSP_82_HB_SKF64.dll
  Size:   592KB
  MD5:    1ebc49e259f455d0bec127752891a981
  SHA1:   85f56c371858099ae1c1917dfebb0b153834c4da
  SHA256: 287f7e418ac7481e580115e19b15f8ba7a6917023c073387b748653192579f13
  SHA512: 5886cf425bf5972ebd38bbf2277f4bb65401bdb034d0ab171889dadde4fdcb3e718473c6768b9e034ff6c4d718d35166df1155c811cdae3dfab8192c6d851e0a
  SSDEEP: 6144:7SP8n/fKa007kTWf3Gtx2CQ5CLV6P/BL4+jIeLap0:7SP+3t7kXx2DCs/B4+jRL60
  Score:  1/10
  Signatures: none

Target: $WINDIR/system32/NXYUKEY.dll
  Size:   286KB
  MD5:    5cfd956fb55139037cc266dca90e436d
  SHA1:   30255bc7ec0e0d70f7717cc0a7ba1d17d0ab2a85
  SHA256: 7553dc9faf7b6cee3d694d266b04adb1350b0d7bf7186bde779bda304d511dda
  SHA512: 0f4f52927b9f3e0af480f8aeb52f6bc9df7a8ed1687536b29bd5162d3d9346274af3cab3792a635d73966aae5c3766e82b2299463702278311172e45832bcb7f
  SSDEEP: 6144:AeCGzgfXoJHA0ltBGKp1L21gyiTMqPgYetpBDmnuk:AenznJHXnBGus1K9
  Score:  7/10
  Signatures:
  - Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: $WINDIR/system32/NXYUKEY_HB.dll
  Size:   91KB
  MD5:    82a23c02d57f07adfe7fe69a536f6ea3
  SHA1:   b5e11c64e501167e622575a7e34a675b5b00c87e
  SHA256: 9b37915a09f0f3ef563ef633cd3426f65a4e16c3282893f7c5a09f63d5a75978
  SHA512: 8ef0719346ec62bf631beaa0b87356f0969563875d4886570eb3bab60dc11933ad705bc60e6d1c5645fccf1b4a982461eabf6cfc070d9d7df9342573a01f1870
  SSDEEP: 1536:2+G9u2cJTI4IghbHiFbAmT6IDRT4JoxFrhwyUdGowb+e:2oJTptDiFbtT9DRFxFFZowie
  Score:  7/10
  Signatures:
  - Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: $WINDIR/system32/NXYUSB_82_HB.dll
  Size:   476KB
  MD5:    6c4a1846551dbbcb3ebbf511fb39b573
  SHA1:   68b19c6e254b7cb18680e91239437dc7c1ba0b69
  SHA256: 3152c9af0bb0bcb7e1d06cb00452a927cd1019cf49655b7bfee94675ab7be4b8
  SHA512: ba1fe8ca6694999bffe2007472a775e28456bc53dcfaf623d156a658085980dbfe225c10de7fa9b7ebbb35a5e423f52e032dc980c43f0e35f6359e974c51f753
  SSDEEP: 3072:U8pMfhLgUGM5x4ixMg/WBw6oyjkjle2l9rJLlHDIyuKh7LapttBrVUZ:pMt4KOBcdjIeLapa
  Score:  1/10
  Signatures: none

Target: NXYCSP_82_HB.dll
  Size:   28KB
  MD5:    f2abd84a39db0674a33aac93ed5fa1e5
  SHA1:   fe7482ce81e30c613da289cc837a2707a12cbd4f
  SHA256: fb8d50a181b25850a525cb2139be09657fc76b72ae18e1dce4f309fbb2d816ed
  SHA512: b9f8cdf6de4b0de78d6d73d8e4fa0879c670cd349ecb3e338cdc3ce6f9ae22612539efa0452d9c9b21779aef3ba5cfefa4848f3c9a4274829f61bc82fd185f0e
  SSDEEP: 192:2neGYyFrXh4jSgXg5MFM83IamAikX1oHTnA:IWyFrs6MFMjzn
  Score:  3/10
  Signatures: none

Target: NXYCSP_82_HB0409.hbl
  (the overview and task list name this file NXYCSP_82_HB0409.dll; the report is inconsistent about the extension)
  Size:   22KB
  MD5:    d8a36f4da613e4782fd02eb35d7003e5
  SHA1:   dd50d7136b3b01c0a9d1d2308f3b1a63fd228f60
  SHA256: 93d4934045e2b857a9f1990410c417f2e0576e67f2779898321c350c69d471e4
  SHA512: aad7769b144b37d3030badd14171e126f3885f867fa96834a951c32657b482beeb108292f0c389ab3459a361cd4569484c5d02b24ae3ff0d64ace7a7967d9e46
  SSDEEP: 192:5zYUrWFbltpmLjOKfxnAafNRogZzkn8xLI2EABbyGwLcN20Kv0rk8JxlJY412YYm:RdKpmnAI6g48pbZ1lhfOdeZlJZqi
  Score:  1/10
  Signatures: none

Target: NXYCSP_82_HB0804.chm
  Size:   53KB
  MD5:    ec570724e200e6a8facae559f877049f
  SHA1:   eb7c0bc8f68b8f31fcf4ba57f25e32d974a81720
  SHA256: 6936ce136d72854268d5bcf17a5b782fae05be2c183774a8256b4123cf0ada21
  SHA512: 4c8f07d35cb6dbcbf76dadb597272a00694fdc3c964ec53a478f03f599e8b6549f5a04caf70d19692f29a3f64fd1c17660984d48a9dad94d6eec975aad6ea75b
  SSDEEP: 1536:LyVuotVKblzxNIdbdUrx1l1WzTPWxGPrBC/kL:WVP0BxNIdbdUrxBMTPGMrg8L
  Score:  1/10
  Signatures: none

Target: NXYCSP_82_HB0C04.hbl
  (the overview and task list name this file NXYCSP_82_HB0C04.dll; the report is inconsistent about the extension)
  Size:   13KB
  MD5:    cedf02c7c4d0db3253c3328ff4b9f675
  SHA1:   4054b6073019b947c9720162880503dc4e1abbbb
  SHA256: cd499a2ccb4dae7bae3c6ec31b099c16f9b30496f43d9a003ca5a8731851c939
  SHA512: 7382d820a3d4eae07be6aeb9728d2e64b076de5814995083ca494ec29024e1fbc39272fa7045756dbb1976a04cf11079e67d34459f7dbb9656dbe105430c4b0e
  SSDEEP: 192:5kgccFQ9K8cE/8CtfvV4LIQMpC55woRKLmd2yU2ixstTwcE:+eO9K8NftlSNMpC55woRGmd2Gust
  Score:  1/10
  Signatures: none

Target: NXYCSP_82_HB64.dll
  Size:   12KB
  MD5:    5929187aa274b1e4d772262f81052080
  SHA1:   719cb9425bc08fb4f8bfc6aa3e3579f55354ee42
  SHA256: 6728dc8495b2939043ca362504435b777942f9348379353be1d25e98d01c6d0a
  SHA512: ebcd6dc98a82bb0770da4374680de1dc3c289c1459b8ebcf75f492c09e2d4b44057f4411ff1a5e52a347ab301a074d86858864cabe8f083b6dd6e5c397cc9433
  SSDEEP: 192:B/0+VVCc7VYHZT2vkOESq8ELO51KHx96xWp5ZyZJamA1FLs:B/0ECc72HUTfEqAyWb2cFL
  Score:  1/10
  Signatures: none
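The SSDEEP field is the one value in the target list that relates files to each other rather than identifying them: the two NXYUSB_82_HB.dll targets (476KB each, different MD5/SHA values) share almost their entire fuzzy-hash signature, and NXYCSP_82_HB_SKF.dll shares an 8-character window with NXYCSP_82_HB_SKF64.dll. The Python below is an added example written for this page; it is not sandbox code and not the ssdeep library. It parses ssdeep strings copied from the target list above and applies ssdeep's own prerequisite for a non-zero match score (block sizes equal or one doubling apart, and a common substring of at least 7 characters between the signatures covering the same block size), reporting pairs that pass. It does not compute the full weighted edit-distance score; for that, run the ssdeep tool or its Python binding on the files themselves.

```python
"""Find near-duplicate files among this report's targets from their ssdeep values.
Added example for this page: not sandbox code and not the ssdeep library. It
implements only ssdeep's comparison gate (compatible block sizes plus a shared
7-character window), not the full score. REPORT_SSDEEP is copied from the report."""
from dataclasses import dataclass
from itertools import combinations

ROLLING_WINDOW = 7  # ssdeep scores two signatures only if they share a substring this long


@dataclass(frozen=True)
class Fuzzy:
    block: int  # block size; s1 covers `block`, s2 covers 2*block
    s1: str
    s2: str


def squeeze(s: str) -> str:
    """ssdeep's eliminate_sequences: runs of one character are capped at 3."""
    out: list[str] = []
    for c in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == c:
            continue
        out.append(c)
    return "".join(out)


def parse(h: str) -> Fuzzy:
    """Parse 'blocksize:sig1:sig2' (a trailing ',filename' is not handled here)."""
    block, s1, s2 = h.split(":", 2)
    return Fuzzy(int(block), squeeze(s1), squeeze(s2))


def has_common_substring(a: str, b: str, n: int = ROLLING_WINDOW) -> bool:
    grams = {a[i:i + n] for i in range(len(a) - n + 1)}
    return any(b[i:i + n] in grams for i in range(len(b) - n + 1))


def comparable(a: Fuzzy, b: Fuzzy) -> bool:
    """True when ssdeep would give a non-zero score: block sizes equal or one doubling
    apart, and the signatures covering the same block size share a window."""
    if a.block == b.block:
        return has_common_substring(a.s1, b.s1) or has_common_substring(a.s2, b.s2)
    if a.block == 2 * b.block:
        return has_common_substring(a.s1, b.s2)
    if b.block == 2 * a.block:
        return has_common_substring(a.s2, b.s1)
    return False


def near_duplicates(hashes: dict[str, str]) -> list[tuple[str, str]]:
    """All unordered pairs of names whose ssdeep values pass the gate, in sorted order."""
    parsed = {name: parse(h) for name, h in hashes.items()}
    return [(x, y) for x, y in combinations(sorted(parsed), 2) if comparable(parsed[x], parsed[y])]


# ssdeep values copied from the report's target list (a subset of the targets).
REPORT_SSDEEP = {
    "$SYSDIR/NXYCSP_82_HB_SKF.dll": "6144:XP10YQq5xYzfxjtorBdfLUL9pv7enw4yfG4+jIeLapFVx:XJ5xYzkrPfAZJ7enw4yfG4+jRL6Xx",
    "$WINDIR/system32/NXYCSP_82_HB_SKF64.dll": "6144:7SP8n/fKa007kTWf3Gtx2CQ5CLV6P/BL4+jIeLap0:7SP+3t7kXx2DCs/B4+jRL60",
    "$SYSDIR/NXYUSB_82_HB.dll": "3072:+0rgeRWt61Bxx4ixMg/WBw6oyjkjle2l9rJLlHDIyuKh7LapttBrdiPE:rz74KOBcdjIeLapHZ",
    "$WINDIR/system32/NXYUSB_82_HB.dll": "3072:U8pMfhLgUGM5x4ixMg/WBw6oyjkjle2l9rJLlHDIyuKh7LapttBrVUZ:pMt4KOBcdjIeLapa",
    "$SYSDIR/NXYUKEY.dll": "768:fDmFwe6ZM9H12/nlx8/d4T1BSe/IZEOdjx:fDmFwe6aOnlx8/dC1BSCIZvd",
    "$WINDIR/system32/NXYUKEY.dll": "6144:AeCGzgfXoJHA0ltBGKp1L21gyiTMqPgYetpBDmnuk:AenznJHXnBGus1K9",
    "$SYSDIR/NXYUKEY_HB.dll": "1536:TqhtEFhB329t/iZC9nW1BtaIU+3zkx8/PzI6er:Tqhr9ZiZogBtaIU+3zw8k6e",
    "$WINDIR/system32/NXYUKEY_HB.dll": "1536:2+G9u2cJTI4IghbHiFbAmT6IDRT4JoxFrhwyUdGowb+e:2oJTptDiFbtT9DRFxFFZowie",
}

if __name__ == "__main__":
    for x, y in near_duplicates(REPORT_SSDEEP):
        print(f"near-duplicate candidates: {x} <-> {y}")
```

On this subset the gate pairs NXYCSP_82_HB_SKF.dll with NXYCSP_82_HB_SKF64.dll and the two NXYUSB_82_HB.dll copies, and leaves the two NXYUKEY_HB.dll files (same block size, no shared window) and the two NXYUKEY.dll files (block sizes 768 and 6144, which ssdeep never compares) unpaired. Note that the SKF pair passes only on the first signature: the second signatures share just the 6-character "4+jRL6", one short of the window, which is why the check has to look at both signatures at equal block sizes.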
MITRE ATT&CK Enterprise v15

Tactic, technique and sub-technique, with the number of matches the report gives for each:

Persistence
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (1)
    Winlogon Helper DLL, T1547.004 (1)
  Event Triggered Execution, T1546 (1)
    Component Object Model Hijacking, T1546.015 (1)

Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (1)
    Winlogon Helper DLL, T1547.004 (1)
  Event Triggered Execution, T1546 (1)
    Component Object Model Hijacking, T1546.015 (1)
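Every signature in this report (Run key, Winlogon, COM hijacking, the Uninstall-key lookup, the System32 drop, loading a dropped DLL) is a registry or file event matched against a path pattern, and the ATT&CK matrix is a tally of those matches per technique. The Python below is an added example of that matching, written for this page; it is not the sandbox's rule code and not part of the analysed installer. The event format, the SAMPLE_EVENTS list, and the helper_hb.dll name and CLSID in it are constructed, and the T1518 mapping for the Uninstall-key lookup is mine (the report's matrix gives none). The COM rule is deliberately narrower than a sandbox heuristic: it fires only on a per-user (HKCU or HKU\<SID>) CLSID server path, because that is the registration Windows consults before the machine-wide one, so a user-writable entry redirects every process in that session that instantiates the CLSID; an installer registering the same CLSID under HKLM, which is what a legitimate CSP or COM component install does, is not flagged.

```python
"""Classify sandbox-style registry and file events into the behaviour signatures
this report lists and the ATT&CK techniques its matrix maps them to.
Added example for this page: not the sandbox's detection code and not taken from
the analysed installer; the event format and SAMPLE_EVENTS are constructed."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# ATT&CK Enterprise v15 IDs for the techniques the report's matrix names.
# T1518 is our own mapping for the Uninstall-key lookup; the report maps none.
T_RUN_KEY = "T1547.001"      # Registry Run Keys / Startup Folder
T_WINLOGON = "T1547.004"     # Winlogon Helper DLL
T_COM_HIJACK = "T1546.015"   # Component Object Model Hijacking
T_SW_DISCOVERY = "T1518"     # Software Discovery


@dataclass(frozen=True)
class Event:
    kind: str        # "reg_set" | "reg_query" | "file_write" | "load_dll"
    path: str        # registry key or file path
    value: str = ""  # registry value name; "" is the key's default value
    data: str = ""   # registry data or dropped-file hash (informational only)


@dataclass(frozen=True)
class Hit:
    signature: str
    technique: Optional[str]  # None where the report maps no technique
    event: Event


HIVES = {"hkey_current_user": "hkcu", "hkey_local_machine": "hklm",
         "hkey_users": "hku", "hkey_classes_root": "hkcr"}
USER_HIVE = r"(?:hkcu|hku\\[^\\]+)"          # HKCU or HKU\<SID>
ANY_HIVE = r"(?:hklm|hkcu|hku\\[^\\]+)"
WOW = r"(?:wow6432node\\)?"
RE_RUN = re.compile(ANY_HIVE + r"\\software\\" + WOW +
                    r"microsoft\\windows\\currentversion\\run(?:once(?:ex)?|services)?$")
RE_WINLOGON = re.compile(ANY_HIVE + r"\\software\\" + WOW +
                         r"microsoft\\windows nt\\currentversion\\winlogon(?:\\notify\\[^\\]+)?$")
RE_UNINSTALL = re.compile(ANY_HIVE + r"\\software\\" + WOW +
                          r"microsoft\\windows\\currentversion\\uninstall(?:\\|$)")
RE_USER_CLSID_SERVER = re.compile(
    USER_HIVE + r"\\software\\classes\\clsid\\\{[0-9a-f-]{36}\}\\(?:inproc|local)server32$")
RE_SYSTEM32 = re.compile(r"(?:c:\\windows|%windir%|\$windir)\\system32\\", re.I)


def norm_key(path: str) -> str:
    """Lower-case, backslash-normalise and abbreviate the hive so the regexes apply."""
    p = path.replace("/", "\\").strip("\\").lower()
    hive, sep, rest = p.partition("\\")
    return HIVES.get(hive, hive) + sep + rest


def classify(events: list[Event]) -> list[Hit]:
    """Run the rules over an ordered event stream from one process."""
    hits: list[Hit] = []
    dropped: set[str] = set()  # files this process wrote; loading one later is "Loads dropped DLL"
    for e in events:
        if e.kind == "file_write":
            dropped.add(e.path.lower())
            if RE_SYSTEM32.match(e.path.replace("/", "\\")):
                hits.append(Hit("Drops file in System32 directory", None, e))
        elif e.kind == "load_dll" and e.path.lower() in dropped:
            hits.append(Hit("Loads dropped DLL", None, e))
        elif e.kind == "reg_query" and RE_UNINSTALL.match(norm_key(e.path)):
            hits.append(Hit("Checks installed software on the system", T_SW_DISCOVERY, e))
        elif e.kind == "reg_set":
            k = norm_key(e.path)
            if RE_RUN.match(k):
                hits.append(Hit("Adds Run key to start application", T_RUN_KEY, e))
            elif RE_WINLOGON.match(k) and ("\\notify\\" in k or e.value.lower() in ("shell", "userinit")):
                # Only values Winlogon executes count: Shell/Userinit on the key itself,
                # or anything under a Notify\<package> subkey. AutoAdminLogon etc. do not.
                hits.append(Hit("Modifies WinLogon", T_WINLOGON, e))
            elif RE_USER_CLSID_SERVER.match(k) and e.value == "":
                # Per-user CLSID server path: consulted before the HKLM registration, so a
                # user-writable entry redirects the COM load. HKLM writes are not flagged.
                hits.append(Hit("Event Triggered Execution: Component Object Model Hijacking",
                                T_COM_HIJACK, e))
    return hits


def technique_counts(hits: list[Hit]) -> Counter:
    """Tally hits per technique, the shape of the report's ATT&CK matrix."""
    return Counter(h.technique for h in hits if h.technique)


# Constructed event stream for illustration (not events recorded in the report above).
SAMPLE_EVENTS = [
    Event("file_write", r"C:\Windows\System32\helper_hb.dll", data="sha256:constructed"),
    Event("load_dll", r"C:\Windows\System32\helper_hb.dll"),
    Event("reg_set", r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
          "HelperHB", r"rundll32.exe C:\Windows\System32\helper_hb.dll,Start"),
    Event("reg_set", r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
          "Userinit", r"C:\Windows\system32\userinit.exe,C:\Windows\System32\helper_hb.exe"),
    Event("reg_set", r"HKEY_CURRENT_USER\Software\Classes\CLSID"
          r"\{11111111-2222-3333-4444-555555555555}\InprocServer32",
          "", r"C:\Windows\System32\helper_hb.dll"),
    Event("reg_set", r"HKEY_LOCAL_MACHINE\Software\Classes\CLSID"
          r"\{11111111-2222-3333-4444-555555555555}\InprocServer32",
          "", r"C:\Windows\System32\helper_hb.dll"),  # ordinary machine-wide registration
    Event("reg_query", r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall"),
]

if __name__ == "__main__":
    for h in classify(SAMPLE_EVENTS):
        print(f"{h.technique or '-':10} {h.signature}: {h.event.path}")
    print(dict(technique_counts(classify(SAMPLE_EVENTS))))
```

The rules are pattern matches, not verdicts: on this installer the same patterns fire for a CSP that registers its DLLs, adds a Run entry and touches Winlogon as part of a normal install, so the 7/10 score says what the sample does, not whether it is malicious. Turning hits into a report-level score would need per-signature weights, which the report does not expose.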