Analysis
- max time kernel: 122s
- max time network: 138s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 04-11-2024 13:52
Static task: static1
Behavioral task behavioral1: sample Installer_x64_Final_Release.exe, resource win7-20240903-en
Behavioral task behavioral2: sample Installer_x64_Final_Release.exe, resource win10v2004-20241007-en
Behavioral task behavioral3: sample app-11.17.0/Installer_x64_Final_Release.exe, resource win10v2004-20241007-en
Behavioral task behavioral4: sample app-11.17.0/Squirrel-UpdateSelf.log, resource win7-20240903-en
Behavioral task behavioral5: sample app-11.17.0/Squirrel-UpdateSelf.log, resource win10v2004-20241007-en
Behavioral task behavioral6: sample app-11.17.0/chrome_100_percent.pak, resource win7-20241010-en
Behavioral task behavioral7: sample app-11.17.0/chrome_100_percent.pak, resource win10v2004-20241007-en
Behavioral task behavioral8: sample app-11.17.0/chrome_200_percent.pak, resource win7-20241010-en
Behavioral task behavioral9: sample app-11.17.0/chrome_200_percent.pak, resource win10v2004-20241007-en
Behavioral task behavioral10: sample app-11.17.0/d3dcompiler_47.dll, resource win10v2004-20241007-en
Behavioral task behavioral11: sample app-11.17.0/ffmpeg.dll, resource win7-20240708-en
Behavioral task behavioral12: sample app-11.17.0/ffmpeg.dll, resource win10v2004-20241007-en
Behavioral task behavioral13: sample app-11.17.0/icudtl.dat, resource win7-20240903-en
Behavioral task behavioral14: sample app-11.17.0/icudtl.dat, resource win10v2004-20241007-en
Behavioral task behavioral15: sample app-11.17.0/libEGL.dll, resource win7-20240903-en
Behavioral task behavioral16: sample app-11.17.0/libEGL.dll, resource win10v2004-20241007-en
Behavioral task behavioral17: sample app-11.17.0/libGLESv2.dll, resource win7-20241010-en
Behavioral task behavioral18: sample app-11.17.0/libGLESv2.dll, resource win10v2004-20241007-en
Behavioral task behavioral19: sample app-11.17.0/locales/en-GB.pak, resource win7-20240903-en
Behavioral task behavioral20: sample app-11.17.0/locales/en-GB.pak, resource win10v2004-20241007-en
Behavioral task behavioral21: sample app-11.17.0/locales/en-US.pak, resource win7-20240729-en
Behavioral task behavioral22: sample app-11.17.0/locales/en-US.pak, resource win10v2004-20241007-en
Behavioral task behavioral23: sample app-11.17.0/locales/uk.pak, resource win7-20240903-en
Behavioral task behavioral24: sample app-11.17.0/locales/uk.pak, resource win10v2004-20241007-en
Behavioral task behavioral25: sample app-11.17.0/locales/vi.pak, resource win7-20241010-en
Behavioral task behavioral26: sample app-11.17.0/locales/vi.pak, resource win10v2004-20241007-en
Behavioral task behavioral27: sample app-11.17.0/locales/zh-CN.pak, resource win7-20240903-en
Behavioral task behavioral28: sample app-11.17.0/locales/zh-CN.pak, resource win10v2004-20241007-en
Behavioral task behavioral29: sample app-11.17.0/locales/zh-TW.pak, resource win7-20240903-en
Behavioral task behavioral30: sample app-11.17.0/locales/zh-TW.pak, resource win10v2004-20241007-en
Behavioral task behavioral31: sample app-11.17.0/resources.pak, resource win7-20240729-en
Behavioral task behavioral32: sample app-11.17.0/resources.pak, resource win10v2004-20241007-en
General
- Target: app-11.17.0/chrome_200_percent.pak
- Size: 222KB
- MD5: 47668ac5038e68a565e0a9243df3c9e5
- SHA1: 38408f73501162d96757a72c63e41e78541c8e8e
- SHA256: fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32
- SHA512: 5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89
- SSDEEP: 6144:QsDQYaSN6svydHLhQegx5GMRejnbdZnVE6YoppO4:QBfSN6svydrx6edhVELoXO4
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: AcroRd32.exe
- Modifies registry class (1 IoCs)
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings; Process: rundll32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 2688, Process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 2688, Process AcroRd32.exe
  pid 2688, Process AcroRd32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 3032 wrote to memory of 2808 | 3032 | cmd.exe | 31
  PID 3032 wrote to memory of 2808 | 3032 | cmd.exe | 31
  PID 3032 wrote to memory of 2808 | 3032 | cmd.exe | 31
  PID 2808 wrote to memory of 2688 | 2808 | rundll32.exe | 32
  PID 2808 wrote to memory of 2688 | 2808 | rundll32.exe | 32
  PID 2808 wrote to memory of 2688 | 2808 | rundll32.exe | 32
  PID 2808 wrote to memory of 2688 | 2808 | rundll32.exe | 32
Processes
1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\app-11.17.0\chrome_200_percent.pak
   PID: 3032
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\app-11.17.0\chrome_200_percent.pak
      PID: 2808
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      3. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
         Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\app-11.17.0\chrome_200_percent.pak"
         PID: 2688
         - System Location Discovery: System Language Discovery
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: 838135241544e7bdf808f82016059747
  SHA1: 5e3d3ca40c81a001f8ef9c1ca9e109206ca3ab17
  SHA256: c4ae8e77f5b6a362662ef182a486f6789ff71c9c0947b88e940c5b32427f33ee
  SHA512: a6299c458c10c5d458e3f96ccf6252730201944d9b917f5dc633f0485485dd50fa0ba3448657b09d0dba491580037ee010d6e67e01e7e725382c52a5183d91fd