Overview

overview

7

Static

static

7

8554134af5...dN.exe

windows7-x64

7

8554134af5...dN.exe

windows10-2004-x64

7

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDI...de.dll

windows7-x64

3

$PLUGINSDI...de.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

5

$PLUGINSDI...on.dll

windows10-2004-x64

5

enumerate_gt.dll

windows7-x64

6

enumerate_gt.dll

windows10-2004-x64

6

enumerate_gtu.exe

windows7-x64

3

enumerate_gtu.exe

windows10-2004-x64

3

enumst.exe

windows7-x64

3

enumst.exe

windows10-2004-x64

3

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    100s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2024 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninstall.exe

  • Size

    86KB

  • MD5

    967351c220f514656d716f962f4cf1f6

  • SHA1

    2247bcfa468baf7537fed865aa7f36320a656d52

  • SHA256

    197457eb687df4a75631b429b8486ffda1b734893d0b76633db8f86a63edb9d4

  • SHA512

    257854d6438ba6142b1368da656f4f6e0cbc61fb80e568af8a4547d4ac50a406b7195302cc3ca5eb787e09036728616f58477e376e00b78deeeaaebcd956c5c7

  • SSDEEP

    1536:1QpQ5EP0ijnRTXJc36DMGjR0uNEchEXyvvSCzfZZsE25gJSu8wzwk6yt9:1QIURTXJcUM8R0uNElAvinubt9

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\uninstall.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nstB859.tmp\ioSpecial.ini
    Filesize

    610B

    MD5

    4d9d87deae2bac2ea6b3524d8c0f4fbb

    SHA1

    902ef11d3a6deb84d2fa219ec3a1ffc076d4b66d

    SHA256

    2ccd60c10b4c67ea57aa6854b2d6bf5af5b3513685e92029bc4ae4e60d2101c6

    SHA512

    55362a63ed8971a6661e44ffefc51e8775a42249b8c0e7c5fa14d5dfa6cef99e0ace968d78957b2e07aba10bc57e2d572d7efdedcf9f8f3bee0e1b83b5f81ab4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstB859.tmp\ioSpecial.ini
    Filesize

    649B

    MD5

    9723ca639fa0ab6080ec8fbb7fc13dcf

    SHA1

    83b7075b4ecf7a32f6d00356bfb7d1ea86117fd5

    SHA256

    734d8d69ea880f546f90127dbc3fc84f8b4e52d59daec0951c6bc83364800cd1

    SHA512

    ac8a39942bea0dcc5e30bdcfb58ce225c040d8129435ecfc4b6333242fab62fa00adc90086b35b294a1ff3660ec2bf16c6e3b55d1372476da04d779ccaeaf5f4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstB859.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    86KB

    MD5

    967351c220f514656d716f962f4cf1f6

    SHA1

    2247bcfa468baf7537fed865aa7f36320a656d52

    SHA256

    197457eb687df4a75631b429b8486ffda1b734893d0b76633db8f86a63edb9d4

    SHA512

    257854d6438ba6142b1368da656f4f6e0cbc61fb80e568af8a4547d4ac50a406b7195302cc3ca5eb787e09036728616f58477e376e00b78deeeaaebcd956c5c7

    Download Submit