Overview

overview

7

Static

static

3

297273f120...fd.exe

windows7-x64

7

297273f120...fd.exe

windows10-2004-x64

7

$PLUGINSDIR/7z.dll

windows7-x64

3

$PLUGINSDIR/7z.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...te.exe

windows7-x64

1

$PLUGINSDI...te.exe

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

1

$PLUGINSDI...er.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    297273f12014539fb8a2be3de4888d13e5688e87469fc0411fe665c0eb9c79fd.exe

  • Size

    2.6MB

  • MD5

    aea12bdd5027ff4d84e6c0790fb9f86a

  • SHA1

    d68e26bf803ce55eb3446dbffdb2b7c22b49f1e9

  • SHA256

    297273f12014539fb8a2be3de4888d13e5688e87469fc0411fe665c0eb9c79fd

  • SHA512

    e68c6012dfb30a2d159b5b089bf4d9b8f409cb8928686d0477284b84d5ffe6e278c912b086417ca17d8c9266f73a2d87d2055260074c223b06ddacf9c345b8a1

  • SSDEEP

    49152:heP79xB2SqwXgOxC4AkeOVSM82k8gTQx4hRpZqmMnvbHtfWgP:up2Sq/OxeOH820TQx4hRpohn7tfWw

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\297273f12014539fb8a2be3de4888d13e5688e87469fc0411fe665c0eb9c79fd.exe
    "C:\Users\Admin\AppData\Local\Temp\297273f12014539fb8a2be3de4888d13e5688e87469fc0411fe665c0eb9c79fd.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Local\Temp\nsj1CF5.tmp\patchupdater.exe
      "C:\Users\Admin\AppData\Local\Temp\nsj1CF5.tmp\patchupdater.exe" --action=install --oldhash=0c32c2ca4b34743466be4302105bfdf9 --newhash=dd139bf8c19f18e1f3931521e89fb1ad --oldv=14.8.0.9906 --newv=14.8.0.9942 --extra=""
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsj1CF5.tmp\System.dll
    Filesize

    11KB

    MD5

    c51fc979c1c3e17bece7bd194aeb6ea2

    SHA1

    9a5d000d6393f2980062b4cc6e8f543493b1be8f

    SHA256

    93a8e95708882e56250ae55aef93417333b2dbe7ea99590abed34cdca2227e61

    SHA512

    716cdeb890307ff42901464dd24aa94e29415ef20d4e975c2733e34330fdf85edfd4ad9e00878edbe98921deebe44153279cb95acb309c5e1812026716dcdc4e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsj1CF5.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    d7d0c9d3b5e38be79ce8765a9b492787

    SHA1

    27873370f5f3e88365612e0606247173a43eae60

    SHA256

    74e2c4b7905e3daa30a6d10d9e4de6b56316b965b4be068c4ed9017febd4613b

    SHA512

    ed10326f8cf747b173c707fa3b4d0ef6c46492bda2eb712cf32a10544de0dd35a13a8cf1948e335df08fad418545be12a2d782fea5cefae453dafd578b53d36b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsj1CF5.tmp\patchupdater.exe
    Filesize

    2.0MB

    MD5

    5a25a557d6a4f26c41d0161b2ed5c0b9

    SHA1

    4fba64b59981de723e7baedc790f4e379a2e8392

    SHA256

    1a02299d3f768854033429f48f2dbea8650ff3d343dfd4bb439ff52f9f6ed45c

    SHA512

    304ed5767520726660a5d5b37ce95382cfe4f26135720d7c5725e3fe9da55c1efa010c20e144bfb44d22fc829ca26ba36f3658fd40cafde3c55e3c1c37618c3b

    Download Submit