Overview

Target                  | Platform            | Score
------------------------|---------------------|------
Overview                | overview            | 10
Static                  | static              | 5
17-10-2024...QW.exe     | windows7-x64        |
17-10-2024...QW.exe     | windows10-2004-x64  |
17-10-2024...er.exe     | windows7-x64        | 7
17-10-2024...er.exe     | windows10-2004-x64  | 7
17-10-2024...ys.exe     | windows7-x64        | 9
17-10-2024...ys.exe     | windows10-2004-x64  | 9
17-10-2024...er.exe     | windows7-x64        | 3
17-10-2024...er.exe     | windows10-2004-x64  | 3
17-10-2024...er.exe     | windows7-x64        | 3
17-10-2024...er.exe     | windows10-2004-x64  | 3
17-10-2024...re.exe     | windows7-x64        | 10
17-10-2024...re.exe     | windows10-2004-x64  | 10
17-10-2024...ix.exe     | windows7-x64        | 1
17-10-2024...ix.exe     | windows10-2004-x64  | 3
17-10-2024...nt.exe     | windows7-x64        | 10
17-10-2024...nt.exe     | windows10-2004-x64  | 10
17-10-2024...re.exe     | windows7-x64        | 5
17-10-2024...re.exe     | windows10-2004-x64  | 5
17-10-2024...NG.dll     | windows7-x64        | 3
17-10-2024...NG.dll     | windows10-2004-x64  | 3
17-10-2024...op.exe     | windows7-x64        | 7
17-10-2024...op.exe     | windows10-2004-x64  | 7
17-10-2024...er.exe     | windows7-x64        | 7
17-10-2024...er.exe     | windows10-2004-x64  | 7
17-10-2024...an.exe     | windows7-x64        | 3
17-10-2024...an.exe     | windows10-2004-x64  | 3
17-10-2024...ie.exe     | windows7-x64        | 5
17-10-2024...ie.exe     | windows10-2004-x64  | 5
17-10-2024...oe.exe     | windows7-x64        | 7
17-10-2024...oe.exe     | windows10-2004-x64  | 7
17-10-2024...ge.exe     | windows7-x64        | 6
17-10-2024...ge.exe     | windows10-2004-x64  | 6

Analysis
- max time kernel: 122s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 16-11-2024 22:34
Behavioral tasks (sample, resource)
- behavioral1: 17-10-2024 #20/AQW.exe, win7-20240903-en
- behavioral2: 17-10-2024 #20/AQW.exe, win10v2004-20241007-en
- behavioral3: 17-10-2024 #20/Adobe Reader.exe, win7-20240903-en
- behavioral4: 17-10-2024 #20/Adobe Reader.exe, win10v2004-20241007-en
- behavioral5: 17-10-2024 #20/Barys.exe, win7-20240903-en
- behavioral6: 17-10-2024 #20/Barys.exe, win10v2004-20241007-en
- behavioral7: 17-10-2024 #20/Butcher Crypter.exe, win7-20240903-en
- behavioral8: 17-10-2024 #20/Butcher Crypter.exe, win10v2004-20241007-en
- behavioral9: 17-10-2024 #20/Dynamer.exe, win7-20240903-en
- behavioral10: 17-10-2024 #20/Dynamer.exe, win10v2004-20241007-en
- behavioral11: 17-10-2024 #20/Explore.exe, win7-20240729-en
- behavioral12: 17-10-2024 #20/Explore.exe, win10v2004-20241007-en
- behavioral13: 17-10-2024 #20/FloodFix.exe, win7-20240903-en
- behavioral14: 17-10-2024 #20/FloodFix.exe, win10v2004-20241007-en
- behavioral15: 17-10-2024 #20/Flyagent.exe, win7-20240903-en
- behavioral16: 17-10-2024 #20/Flyagent.exe, win10v2004-20241007-en
- behavioral17: 17-10-2024 #20/InstallCore.exe, win7-20240903-en
- behavioral18: 17-10-2024 #20/InstallCore.exe, win10v2004-20241007-en
- behavioral19: 17-10-2024 #20/MSRATING.dll, win7-20240903-en
- behavioral20: 17-10-2024 #20/MSRATING.dll, win10v2004-20241007-en
- behavioral21: 17-10-2024 #20/MulDrop.exe, win7-20240903-en
- behavioral22: 17-10-2024 #20/MulDrop.exe, win10v2004-20241007-en
- behavioral23: 17-10-2024 #20/TSULoader.exe, win7-20240903-en
- behavioral24: 17-10-2024 #20/TSULoader.exe, win10v2004-20241007-en
- behavioral25: 17-10-2024 #20/UtilMan.exe, win7-20240903-en
- behavioral26: 17-10-2024 #20/UtilMan.exe, win10v2004-20241007-en
- behavioral27: 17-10-2024 #20/Zombie.exe, win7-20241010-en
- behavioral28: 17-10-2024 #20/Zombie.exe, win10v2004-20241007-en
- behavioral29: 17-10-2024 #20/app stroe.exe, win7-20241023-en
- behavioral30: 17-10-2024 #20/app stroe.exe, win10v2004-20241007-en
- behavioral31: 17-10-2024 #20/assemblychange.exe, win7-20240903-en
- behavioral32: 17-10-2024 #20/assemblychange.exe, win10v2004-20241007-en
General
- Target: 17-10-2024 #20/MulDrop.exe
- Size: 437KB
- MD5: 40e4282c65ce4cfeb5e566c6a3a713e0
- SHA1: a3d786888ee84957cbea5d6879d7915a2f0ecd16
- SHA256: 68473e5f20e5a30b4bfffe86da83a30e5faada6b8824f894aad776b0b1f8106e
- SHA512: 0fc7e4c3155299580a6a497cc52cb504c124e16f8147b7c9a95b4fe6521481cf927512e5339dff0d78dda55e1c3c92de97a3b4b44fa3ff6b323de99a5dd2b09b
- SSDEEP: 6144:hH71iYqhwk9/U3ZfFAxljjF0OQTPGo/o51BeLZ+gneQX9c9wPetx3VC7wiywNA3R:BDqhwss3M/mjHqTeLcgeg9cWWT0RuR
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes (pid, process):
    2024 | _bbg.exe
- Loads dropped DLL (1 IoC)
  Processes (pid, process):
    352 | MulDrop.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes (description, ioc, process):
    Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MulDrop.exe
    Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | _bbg.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes (pid, process):
    2024 | _bbg.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description, pid, process, target process):
    PID 352 wrote to memory of 2024 | 352 | MulDrop.exe | _bbg.exe
    PID 352 wrote to memory of 2024 | 352 | MulDrop.exe | _bbg.exe
    PID 352 wrote to memory of 2024 | 352 | MulDrop.exe | _bbg.exe
    PID 352 wrote to memory of 2024 | 352 | MulDrop.exe | _bbg.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe (PID 352)
  Command line: "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe (PID 2024, child of PID 352)
    Command line: C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe /sfxv:3.1
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads