Overview
overview
7Static
static
3bf388f9182...7N.exe
windows7-x64
7bf388f9182...7N.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Uninstall.exe
windows7-x64
7Uninstall.exe
windows10-2004-x64
7ast.dll
windows7-x64
3ast.dll
windows10-2004-x64
3home.url
windows7-x64
6home.url
windows10-2004-x64
3popr.chm
windows7-x64
1popr.chm
windows10-2004-x64
1popr.exe
windows7-x64
6popr.exe
windows10-2004-x64
3Analysis
-
max time kernel
95s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
10-11-2024 00:25
Static task
static1
Behavioral task
behavioral1
Sample
bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Uninstall.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Uninstall.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
ast.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
ast.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
home.url
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
home.url
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
popr.chm
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
popr.chm
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
popr.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
popr.exe
Resource
win10v2004-20241007-en
General
-
Target
bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exe
-
Size
888KB
-
MD5
7ba21d73ec123e5a69b70102154efb10
-
SHA1
cf7ca13d60ffbfe2044868317b6a4cf176b288d8
-
SHA256
bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277
-
SHA512
929308572c58a2bc22fc85a2cf4d44d2a445b69d84a7ad47645fdf354eaebbe521e452623d5dbe66f0440e42882d2a5aeca8d93ac5d1dfa006c2c5a8ec881d8c
-
SSDEEP
24576:AjRBt6Z9fTxRxw5JDLs1jYvCboPBeDbx7iDSkEl:yRn6wJH+q5evxEw
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exepid process 1504 bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD57d85b1f619a3023cc693a88f040826d2
SHA109f5d32f8143e7e0d9270430708db1b9fc8871a8
SHA256dc198967b0fb2bc7aaab0886a700c7f4d8cb346c4f9d48b9b220487b0dfe8a18
SHA5125465804c56d6251bf369609e1b44207b717228a8ac36c7992470b9daf4a231256c0ce95e0b027c4164e62d9656742a56e2b51e9347c8b17ab51ff40f32928c85