Overview

Static

Score  Target                 Platform
7      3739d14235...4a.exe    windows11-21h2-x64
7      $PLUGINSDI...ol.dll    windows11-21h2-x64
5      $PLUGINSDI...ns.dll    windows11-21h2-x64
3      $PLUGINSDI...em.dll    windows11-21h2-x64
3      $PLUGINSDI...fo.dll    windows11-21h2-x64
3      $PLUGINSDI...al.ini    windows11-21h2-x64
3      $PLUGINSDI...er.bmp    windows11-21h2-x64
3      $PLUGINSDI...rd.bmp    windows11-21h2-x64
3      AVStrike.exe           windows11-21h2-x64
6      AVStrike.exe.config    windows11-21h2-x64
3      CButtonLib.dll         windows11-21h2-x64
1      Common Tools.dll       windows11-21h2-x64
1      Core.dll               windows11-21h2-x64
1      Interop.IW...ry.dll    windows11-21h2-x64
1      KernelBase.dll         windows11-21h2-x64
3      LumenWorks...IO.dll    windows11-21h2-x64
1      System.Dat...te.dll    windows11-21h2-x64
3      TaskScheduler.dll      windows11-21h2-x64
1      Uninstall.exe          windows11-21h2-x64
7      $PLUGINSDI...em.dll    windows11-21h2-x64
3      db/AVStrikeDB.ldb      windows11-21h2-x64
3      db/AVStrikeDB.ldb.bak  windows11-21h2-x64
3      db/bytecode.cld        windows11-21h2-x64
3      db/daily.cld           windows11-21h2-x64
3      db/main.cld            windows11-21h2-x64
3      db/mirrors.dat         windows11-21h2-x64
3      libclamav.dll          windows11-21h2-x64
3      libclamavd.dll         windows11-21h2-x64
3      log4net.dll            windows11-21h2-x64
1      scandll.dll            windows11-21h2-x64
3      update_db.exe          windows11-21h2-x64
Analysis

max time kernel:  207s
max time network: 282s
platform:         windows11-21h2_x64
resource:         win11-20241023-en
resource tags:    arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
submitted:        07/11/2024, 10:46
Behavioral tasks

Task          Resource           Sample
behavioral1   win11-20241007-en  3739d14235ff791ab9f138b769613880d3426004e42eb8c96da33cc00b18f14a.exe
behavioral2   win11-20241007-en  $PLUGINSDIR/AccessControl.dll
behavioral3   win11-20241007-en  $PLUGINSDIR/InstallOptions.dll
behavioral4   win11-20241023-en  $PLUGINSDIR/System.dll
behavioral5   win11-20241007-en  $PLUGINSDIR/UserInfo.dll
behavioral6   win11-20241007-en  $PLUGINSDIR/ioSpecial.ini
behavioral7   win11-20241007-en  $PLUGINSDIR/modern-header.bmp
behavioral8   win11-20241007-en  $PLUGINSDIR/modern-wizard.bmp
behavioral9   win11-20241007-en  AVStrike.exe
behavioral10  win11-20241007-en  AVStrike.exe.config
behavioral11  win11-20241007-en  CButtonLib.dll
behavioral12  win11-20241023-en  Common Tools.dll
behavioral13  win11-20241007-en  Core.dll
behavioral14  win11-20241007-en  Interop.IWshRuntimeLibrary.dll
behavioral15  win11-20241007-en  KernelBase.dll
behavioral16  win11-20241007-en  LumenWorks.Framework.IO.dll
behavioral17  win11-20241007-en  System.Data.SQLite.dll
behavioral18  win11-20241007-en  TaskScheduler.dll
behavioral19  win11-20241007-en  Uninstall.exe
behavioral20  win11-20241007-en  $PLUGINSDIR/System.dll
behavioral21  win11-20241007-en  db/AVStrikeDB.ldb
behavioral22  win11-20241007-en  db/AVStrikeDB.ldb.bak
behavioral23  win11-20241007-en  db/bytecode.cld
behavioral24  win11-20241023-en  db/daily.cld
behavioral25  win11-20241007-en  db/main.cld
behavioral26  win11-20241007-en  db/mirrors.dat
behavioral27  win11-20241007-en  libclamav.dll
behavioral28  win11-20241007-en  libclamavd.dll
behavioral29  win11-20241007-en  log4net.dll
behavioral30  win11-20241007-en  scandll.dll
behavioral31  win11-20241007-en  update_db.exe
General

Target: db/daily.cld
Size:   49.4MB
MD5:    50fbd12738c2cb401afbbf803906dc08
SHA1:   b0c86564fbc6812a0f123c2f39c44e77d430a0ae
SHA256: 998b8a3f828c12f2d1b296b099180d345a4d537d8c5c5a7c9743bcda82d33ff4
SHA512: f52eb499f8f62240599c6aebf7a1d41455a60eb919846abe7f46f4856b604b5d5e458b2154f330255315e57ba982efef3aac83cc9e9972510346fdcbb8a9542f
SSDEEP: 24576:uy0s11111H11fq2E92dGliIptGjIKQLcUGpSBFhrP+0osyDrJaZ6SS4PJ+8auY8d:b
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
  description  ioc                                                                              process
  Key created  \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings  cmd.exe
  Key created  \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings  OpenWith.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   process
  2960  OpenWith.exe