Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-11-2024 22:34

General

  • Target

    17-10-2024 #20/MulDrop.exe

  • Size

    437KB

  • MD5

    40e4282c65ce4cfeb5e566c6a3a713e0

  • SHA1

    a3d786888ee84957cbea5d6879d7915a2f0ecd16

  • SHA256

    68473e5f20e5a30b4bfffe86da83a30e5faada6b8824f894aad776b0b1f8106e

  • SHA512

    0fc7e4c3155299580a6a497cc52cb504c124e16f8147b7c9a95b4fe6521481cf927512e5339dff0d78dda55e1c3c92de97a3b4b44fa3ff6b323de99a5dd2b09b

  • SSDEEP

    6144:hH71iYqhwk9/U3ZfFAxljjF0OQTPGo/o51BeLZ+gneQX9c9wPetx3VC7wiywNA3R:BDqhwss3M/mjHqTeLcgeg9cWWT0RuR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe
    "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:352
    • C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe
      C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe /sfxv:3.1
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \??\c:\Users\Admin\AppData\Local\Temp\sfx1\BB40eng.dix

    Filesize

    42KB

    MD5

    a8ffd569876199f144568bb7767d2b6f

    SHA1

    517dc551ba76d5565a4b2dac49951073553af265

    SHA256

    845bdef261b041fddd45a44b3b05b52bd16d4b9f423b5e52654a168452ec2930

    SHA512

    5abd433d8f97ce5a3686333ced77c0e5cc02147874fdecb08c3b2352b9840b3ac4dccfae242fdf0f8a5e5a41c4ba64f9dd9c840b9fd4a2607e656d6f60fbc473

  • \??\c:\Users\Admin\AppData\Local\Temp\sfx1\tex_def.jpg

    Filesize

    2KB

    MD5

    8a8fa3d4bcbaa146d6d992cb41a17cb6

    SHA1

    ba029352f097f5091cbe7edd16f596f0e648472d

    SHA256

    03a9b3d2b445a8e4aeae2076c550d6acff401cbc331d29928ab4a33e0e7fda0a

    SHA512

    c776834e5613a62a3361a82c9c5cf1bef8e6c1f774a696315c05c2f17e13a3cc30db167b7696f57c134a232efc7e0feb2f8dc9a91522b4aee9b6417acba8dc80

  • \??\c:\users\admin\appdata\local\temp\sfx1\bbgift.puz

    Filesize

    46KB

    MD5

    200648833c230b76686bda1c0df905e5

    SHA1

    85f83493ecdd04dcce193f710b39a8475474e084

    SHA256

    a6e044bf66f82c2f2e669f7402704a16a35e5703c25fc2deafb077976e677934

    SHA512

    d61808f1c408a047646ed9fd49785f99dead9a601b28df17fb72c79ffb468d3898c4176364dd46b0b825415406271269fb49afd0d4bbc2993c349a4e78d5e68c

  • \Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe

    Filesize

    636KB

    MD5

    f7a897d1732db96df3339644257ffdf5

    SHA1

    ff844b877dea6f74978067c606c6ef4b161e9afc

    SHA256

    7761b022a2f03d7965c189d28a7c5cfc773e691a4dd20af23ed8ec2b73c9e199

    SHA512

    0958e6ad3925178a5ff67f174b1f29f510c84a99840b8d97f0538f625666baa6363bfdedc66f2d2d8b566c36b192cd39d5984738675a59ad153db5871789f8d9