Overview

overview

9

Static

static

3

SteamSetup.exe

windows10-ltsc 2021-x64

7

SteamSetup.exe

windows11-21h2-x64

9

$PLUGINSDI...ls.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

Steam.exe

windows10-ltsc 2021-x64

7

Steam.exe

windows11-21h2-x64

3

bin/SteamService.exe

windows10-ltsc 2021-x64

1

bin/SteamService.exe

windows11-21h2-x64

1

uninstall.exe

windows10-ltsc 2021-x64

7

uninstall.exe

windows11-21h2-x64

7

$PLUGINSDI...LL.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...LL.dll

windows11-21h2-x64

3

$PLUGINSDI...nk.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...nk.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21-11-2024 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninstall.exe

  • Size

    137KB

  • MD5

    04ac66825466772809e5f5a7d6d66292

  • SHA1

    16048e430e9f58cc6ff855938e3dcc0fb597264c

  • SHA256

    8f648df6a34445236155b2094905d1fb142e3f9cc314781c4361cf3c052e77f6

  • SHA512

    dbc86e084312f9f22a1703965ae4b52fe00afff908b9fd01ff7d86a24b0b4f91eabe5fab45c91e44819d7ec7ca241281e759064549f9c2cb74ae93418c8a9c78

  • SSDEEP

    1536:BMaAWOz2YOFw3ae4ptaq5qHSlTBuw+I/JFOh5N/Lq33TguZ5Kse85JqeITwr/QCe:BAe+3aJpgWXTBuA/JFONMVHdrFqbvLl

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\uninstall.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsf6E6B.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    0c44f21d4afc81cc99fac7cc35e4503a

    SHA1

    3d0d5c684df99a46510c0e2c0020163a9d11c08d

    SHA256

    8dc2be6679497994e3ddc97bc7bc1ce2b3c17ef3528b03ded6696ef198a11d10

    SHA512

    4e4bd35d6aa21cecbfe7a93a2ee7db8ee78ca710a4193dfe240d1067afbe10f61db332c1c85f6cc3ba404d895a959742401b615ef8ff5bd9028254c4a43a0923

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Filesize

    137KB

    MD5

    04ac66825466772809e5f5a7d6d66292

    SHA1

    16048e430e9f58cc6ff855938e3dcc0fb597264c

    SHA256

    8f648df6a34445236155b2094905d1fb142e3f9cc314781c4361cf3c052e77f6

    SHA512

    dbc86e084312f9f22a1703965ae4b52fe00afff908b9fd01ff7d86a24b0b4f91eabe5fab45c91e44819d7ec7ca241281e759064549f9c2cb74ae93418c8a9c78

    Download Submit