Overview
overview
10Static
static
7c22b74bb5b...0b.exe
windows7-x64
10c22b74bb5b...0b.exe
windows10-2004-x64
10$PLUGINSDI...el.dll
windows7-x64
7$PLUGINSDI...el.dll
windows10-2004-x64
7$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$_13_/PowerRun64.exe
windows7-x64
4$_13_/PowerRun64.exe
windows10-2004-x64
3$_13_/SetACL64.exe
windows7-x64
1$_13_/SetACL64.exe
windows10-2004-x64
1$_13_/bn.bat
windows7-x64
1$_13_/bn.bat
windows10-2004-x64
1$_13_/bn1.bat
windows7-x64
10$_13_/bn1.bat
windows10-2004-x64
10$_13_/bnn.bat
windows7-x64
1$_13_/bnn.bat
windows10-2004-x64
1$_13_/bnz.bat
windows7-x64
1$_13_/bnz.bat
windows10-2004-x64
1$_13_/dotN...up.exe
windows7-x64
7$_13_/dotN...up.exe
windows10-2004-x64
7$_13_/dotN...up.exe
windows7-x64
7$_13_/dotN...up.exe
windows10-2004-x64
7$_13_/mbby...iy.exe
windows7-x64
3$_13_/mbby...iy.exe
windows10-2004-x64
3$_13_/win_...rp.exe
windows7-x64
3$_13_/win_...rp.exe
windows10-2004-x64
3General
-
Target
c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b.exe
-
Size
2.5MB
-
Sample
241123-tmrjwatnen
-
MD5
e44aa4739e6414c5dec3ede80232deab
-
SHA1
a2a38256e63e2acd791f46a82cc74e34e26d4d79
-
SHA256
c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b
-
SHA512
1f10f95db7d67856bbebf9aa4510cb6122e3a7624ef7e3f0cd2d49b08a13b07e8ba43cbe771e4db0d7171f605dca78027cf56369ec90963f1577f3a75ea2f692
-
SSDEEP
49152:P3g6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5f:P7o2wfqNSoyc0G7r6XnaVn/tW5f
Behavioral task
behavioral1
Sample
c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SelfDel.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SelfDel.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$_13_/PowerRun64.exe
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
$_13_/PowerRun64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$_13_/SetACL64.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$_13_/SetACL64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$_13_/bn.bat
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
$_13_/bn.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$_13_/bn1.bat
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
$_13_/bn1.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$_13_/bnn.bat
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$_13_/bnn.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$_13_/bnz.bat
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$_13_/bnz.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$_13_/dotNetFx40_Full_setup.exe
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
$_13_/dotNetFx40_Full_setup.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$_13_/dotNetFx45_Full_setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$_13_/dotNetFx45_Full_setup.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$_13_/mbbyfatkrvotaiy.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$_13_/mbbyfatkrvotaiy.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$_13_/win_version_csharp.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
$_13_/win_version_csharp.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b.exe
-
Size
2.5MB
-
MD5
e44aa4739e6414c5dec3ede80232deab
-
SHA1
a2a38256e63e2acd791f46a82cc74e34e26d4d79
-
SHA256
c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b
-
SHA512
1f10f95db7d67856bbebf9aa4510cb6122e3a7624ef7e3f0cd2d49b08a13b07e8ba43cbe771e4db0d7171f605dca78027cf56369ec90963f1577f3a75ea2f692
-
SSDEEP
49152:P3g6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5f:P7o2wfqNSoyc0G7r6XnaVn/tW5f
-
Modifies security service
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/SelfDel.dll
-
Size
5KB
-
MD5
e5786e8703d651bc8bd4bfecf46d3844
-
SHA1
fee5aa4b325deecbf69ccb6eadd89bd5ae59723f
-
SHA256
d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774
-
SHA512
d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3
-
SSDEEP
96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
11092c1d3fbb449a60695c44f9f3d183
-
SHA1
b89d614755f2e943df4d510d87a7fc1a3bcf5a33
-
SHA256
2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77
-
SHA512
c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a
-
SSDEEP
96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA
Score3/10 -
-
-
Target
$_13_/PowerRun64.exe
-
Size
923KB
-
MD5
efe5769e37ba37cf4607cb9918639932
-
SHA1
f24ca204af2237a714e8b41d54043da7bbe5393b
-
SHA256
5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2
-
SHA512
33794a567c3e16582da3c2ac8253b3e61df19c255985277c5a63a84a673ac64899e34e3b1ebb79e027f13d66a0b8800884cdd4d646c7a0abe7967b6316639cf1
-
SSDEEP
24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk
Score4/10 -
-
-
Target
$_13_/SetACL64.exe
-
Size
601KB
-
MD5
1fb64ff73938f4a04e97e5e7bf3d618c
-
SHA1
aa0f7db484d0c580533dec0e9964a59588c3632b
-
SHA256
4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221
-
SHA512
da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece
-
SSDEEP
12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud
Score1/10 -
-
-
Target
$_13_/bn.bat
-
Size
885B
-
MD5
b8f5f8991353b53c34e6909eced64f13
-
SHA1
5e039faaf0125202fec8087475c62248de7a3976
-
SHA256
f9b7a1395cd60cf2c03bc5b48c81742a6e2a9fc5f5d14dfb48232678c83f272e
-
SHA512
4e5b61f09a6672e4fd93ebccfc8ef25139db6e5200a8203b3950a68cb3251316aef30f86facc1f7560a7f1215647d63cdae0b0fd5ae094097ed180856206ef70
Score1/10 -
-
-
Target
$_13_/bn1.bat
-
Size
9KB
-
MD5
95177638f9e6c0c5f4ae5b598a373ca2
-
SHA1
fca0880d545b3937ceafa4f6ad0ece12168e2921
-
SHA256
606e86d58f2c47eff90ad4b78463ca866854a278adeb09d06a29395a1b8aea89
-
SHA512
55236ad069d9d4347bd2951bc5c5a05f5466e6a7937ec36b903dfb3e72c37bfb33ff610e42006a2da56c07c668cea0cb416fa412663c8d7c80ebc0641cd2d962
-
SSDEEP
192:5yeKv9eA3sQlxRyEiLivnzA6fFrs3qUEGA6oh/HbzBBzKF6gF8XM9LjZApFpQjTN:4K
Score10/10-
Modifies security service
-
-
-
Target
$_13_/bnn.bat
-
Size
146B
-
MD5
0b4d87168954eff0d213d2785fce723a
-
SHA1
79944843aba1c4ea95083026845552648a18f197
-
SHA256
b2d3e4c0e7d1c0a3d1308df4673e971246356c7b7e11885a2b9631ecac828b65
-
SHA512
9518c8af4c9870f058b57d97723581e979ebaa69478cd6b7ad9837cbdc84b75bc848019781aa9d20d498df6871833651f5c79e3d5da2e917a435cce71c8d0cc4
Score1/10 -
-
-
Target
$_13_/bnz.bat
-
Size
1KB
-
MD5
09f26047b6e9e6e8e0f61eb8937c69f6
-
SHA1
2c0a32ada511bfed1d7b97e5a550aa8953d9b831
-
SHA256
3ab809562d2c374bf6c4c8ee2f49f34e875055af65f95cb7645312deb8c29a7d
-
SHA512
4b3f35f43ee1a8a74c96583d6ea24d69e7e75b289a6bd56e795b5e1918e772bec7f67a12113ecbacc4be9e2f1cc7611cefb94d6662b4778e90a228d97428ff15
Score1/10 -
-
-
Target
$_13_/dotNetFx40_Full_setup.exe
-
Size
868KB
-
MD5
53406e9988306cbd4537677c5336aba4
-
SHA1
06becadb92a5fcca2529c0b93687c2a0c6d0d610
-
SHA256
fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
-
SHA512
4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
-
SSDEEP
24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$_13_/dotNetFx45_Full_setup.exe
-
Size
982KB
-
MD5
9e8253f0a993e53b4809dbd74b335227
-
SHA1
f6ba6f03c65c3996a258f58324a917463b2d6ff4
-
SHA256
e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a
-
SHA512
404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0
-
SSDEEP
24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$_13_/mbbyfatkrvotaiy.exe
-
Size
6KB
-
MD5
e20d4921a4e68cc82bf7263539595bb0
-
SHA1
37ada032a527303c2b16f5529d2430f3b576ca03
-
SHA256
38dd040c23ebaee60f80f2b1753be1509e5260328b67b144ac70887276b8742f
-
SHA512
d54b1ad476d9bdbe87aa88cb5d1238003a1cb6923a88602ec02db579510742bc020deb4199c3d37db69f6f8f93dd32aa6bf9d13143117b02701a20c5694a490b
-
SSDEEP
48:607m4bdFYKbXU57maZkkgmq8aNMfCIpKkQIKZbGqeYlK/XQtPT8W54tagjlm6ouQ:7HY+LaZfXKBlKXQt78PjI6o2zNt
Score3/10 -
-
-
Target
$_13_/win_version_csharp.exe
-
Size
6KB
-
MD5
7cb364701028767f8942cc3f8439f8f2
-
SHA1
d6bede2206b7042b4cae32f416e1b43ffac94238
-
SHA256
a2716605f8dd1930808e6918db670a3fe32287791862883dbabd26849b87b09e
-
SHA512
3011b3d64f79280ab05de9658c4f5a13f637ad2e79d5770cfaeb3af6cb8c7a56b610dad69fdf295112be64cfb80e18f30bb1829eb3c0e549105f63d0e770dc13
-
SSDEEP
96:/uidPNKO2mkcQ7DBOrkB0kPkKXwF4dkd8Nue3qYMns1BjgtRQWWzNt:FIOu7DBOrkB0kPkKXwF4dkd8Nn34nUBR
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
4Windows Service
4Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
4Windows Service
4Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
5Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5