Overview

overview

4

Static

static

3

b116cbf112...4b.exe

windows7-x64

4

b116cbf112...4b.exe

windows10-2004-x64

4

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$_10_/Qt5Core.dll

windows7-x64

3

$_10_/Qt5Core.dll

windows10-2004-x64

3

$_10_/Qt5Gui.dll

windows7-x64

3

$_10_/Qt5Gui.dll

windows10-2004-x64

3

$_10_/Qt5M...ia.dll

windows7-x64

3

$_10_/Qt5M...ia.dll

windows10-2004-x64

3

$_10_/Qt5Network.dll

windows7-x64

3

$_10_/Qt5Network.dll

windows10-2004-x64

3

$_10_/Qt5P...rt.dll

windows7-x64

3

$_10_/Qt5P...rt.dll

windows10-2004-x64

3

$_10_/Qt5Sql.dll

windows7-x64

3

$_10_/Qt5Sql.dll

windows10-2004-x64

3

$_10_/Qt5Svg.dll

windows7-x64

3

$_10_/Qt5Svg.dll

windows10-2004-x64

3

$_10_/Qt5Widgets.dll

windows7-x64

3

$_10_/Qt5Widgets.dll

windows10-2004-x64

3

$_10_/Qt5Xml.dll

windows7-x64

3

$_10_/Qt5Xml.dll

windows10-2004-x64

3

$_10_/USI_...20.dll

windows7-x64

3

$_10_/USI_...20.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 07:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b116cbf112ad9e68f7c38fcd63cc862c7e9ee42734bc47d128ef52b7eae6cc4b.exe

  • Size

    29.1MB

  • MD5

    0385a6642c648e72699e5919ba4cdb2a

  • SHA1

    ab17f308025ce7faf23209e2ff442e12260284b3

  • SHA256

    b116cbf112ad9e68f7c38fcd63cc862c7e9ee42734bc47d128ef52b7eae6cc4b

  • SHA512

    da08fe0d76753e8fc72ea79b1b8fedc00b054f2a176c88617d19631712fe2eaa33de150ca812acac58759b068ffdafe80a787686615b6b2799dcd01257f2223c

  • SSDEEP

    393216:OjXIu91Bw8N57zn8wyu+q1gRTP8QzgvKDal2l4fyTP2p3DdIP3o+W2pnQ33N3aJw:OjIFOUuTezeKDaSzTPc3yP4+W2mHdXiq

Score
4/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b116cbf112ad9e68f7c38fcd63cc862c7e9ee42734bc47d128ef52b7eae6cc4b.exe
    "C:\Users\Admin\AppData\Local\Temp\b116cbf112ad9e68f7c38fcd63cc862c7e9ee42734bc47d128ef52b7eae6cc4b.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:3644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nspD1C9.tmp\Banner.dll
    Filesize

    6KB

    MD5

    32599809b2249cd92d49eff595d8cd0b

    SHA1

    6b18ea751af2c67e5610a9d51d344f0c4cc6ace0

    SHA256

    b6e0e1a8023fc7d63edaf6e83e08d42364cdbc71d6421a161a24f88bfb4fe362

    SHA512

    2cddfd26ee09a664905611799a5eddf9ec76e78ea379f301b14738d77f2499bf642f8e6b9304c36285c59f000565472459990d66eab0efb87578dc1489649e2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nspD1C9.tmp\ButtonEvent.dll
    Filesize

    5KB

    MD5

    c24568a3b0d7c8d7761e684eb77252b5

    SHA1

    66db7f147cbc2309d8d78fdce54660041acbc60d

    SHA256

    e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

    SHA512

    5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nspD1C9.tmp\System.dll
    Filesize

    24KB

    MD5

    f6d7d3911f285c72b4281243d4312eb5

    SHA1

    0a9614bbeb5f326802d3b3db28fcbb2087b94a8e

    SHA256

    e2d37e1961012d37d4cfcc2cdcd4baac46ea64f83a8bbba6c05c09e89ceed58b

    SHA512

    4499fc156b5f662d434f6d6b02dfcdceb732a5caedb413fd0d908057b377adf1331fa226ddd8b46fcb36f4dd36cf324a7ce7fbfb45beb1ecfe41e433a03b8f33

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nspD1C9.tmp\nsDialogs.dll
    Filesize

    12KB

    MD5

    0771e6c726a7aa8259c4e1ac4146d517

    SHA1

    829e9a50ea6569cea40f1b2f876122c4048003bc

    SHA256

    9c839794568bb1f942b7d6847f3b8a80f105001422a57e01b2e631f878f110d6

    SHA512

    6329e21eed14ea1a3aa272be4c2c3dc24dd76abd354d2c4c2fff96dd58dbd28a858b07d1bd50965112d03d6881c5aa2b5773ca4665edf34137a663b3215a868d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nspD1C9.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    f0438a894f3a7e01a4aae8d1b5dd0289

    SHA1

    b058e3fcfb7b550041da16bf10d8837024c38bf6

    SHA256

    30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    SHA512

    f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    Download Submit

  • memory/3644-87-0x0000000000400000-0x00000000005F8000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3644-89-0x00000000740C0000-0x00000000740C7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3644-88-0x00000000747B0000-0x00000000747BE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3644-97-0x00000000740B0000-0x00000000740BB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3644-94-0x0000000000400000-0x00000000005F8000-memory.dmp

    Filesize

    2.0MB

    Download