Overview

overview

10

Static

static

10

virus/Froz...ED.exe

windows10-ltsc 2021-x64

10

virus/Wire...64.exe

windows10-ltsc 2021-x64

9

$PLUGINSDI...ns.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...em.dll

windows10-ltsc 2021-x64

3

Qt6Gui.dll

windows10-ltsc 2021-x64

1

Qt6Network.dll

windows10-ltsc 2021-x64

1

Qt6Svg.dll

windows10-ltsc 2021-x64

1

USBPcapSet....0.exe

windows10-ltsc 2021-x64

8

WinSparkle.dll

windows10-ltsc 2021-x64

1

Wireshark.exe

windows10-ltsc 2021-x64

3

brotlicommon.dll

windows10-ltsc 2021-x64

1

bz2.dll

windows10-ltsc 2021-x64

1

charset-1.dll

windows10-ltsc 2021-x64

1

comerr64.dll

windows10-ltsc 2021-x64

1

d3dcompiler_47.dll

windows10-ltsc 2021-x64

1

snappy.dll

windows10-ltsc 2021-x64

1

snmp/mibs/...IB.vbs

windows10-ltsc 2021-x64

1

snmp/mibs/...IB.vbs

windows10-ltsc 2021-x64

1

snmp/mibs/...IB.vbs

windows10-ltsc 2021-x64

1

snmp/mibs/...IB.vbs

windows10-ltsc 2021-x64

1

styles/qwi...le.dll

windows10-ltsc 2021-x64

1

tls/qcerto...nd.dll

windows10-ltsc 2021-x64

1

tls/qopens...nd.dll

windows10-ltsc 2021-x64

1

tls/qschan...nd.dll

windows10-ltsc 2021-x64

1

tshark.exe

windows10-ltsc 2021-x64

1

tshark.html

windows10-ltsc 2021-x64

4

vc_redist.x64.exe

windows10-ltsc 2021-x64

7

wireshark-filter.html

windows10-ltsc 2021-x64

4

wireshark.html

windows10-ltsc 2021-x64

4

zlib-ng2.dll

windows10-ltsc 2021-x64

1

zlib1.dll

windows10-ltsc 2021-x64

1

zstd.dll

windows10-ltsc 2021-x64

1

Analysis

  • max time kernel
    421s
  • max time network
    1147s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    11-12-2024 15:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vc_redist.x64.exe

  • Size

    24.3MB

  • MD5

    689d09bce45c75db883db7e78b6f4e9b

  • SHA1

    ba92a00f0f55dcae85c1bbd098efe606bd080b3c

  • SHA256

    814e9da5ec5e5d6a8fa701999d1fc3baddf7f3adc528e202590e9b1cb73e4a11

  • SHA512

    4db5078fdd9eb9ce00a1b6195a67c779a1d3c719de0fbd4729adbdac2d8ca442cf4e0a31aa40d213f29617ec073f1a7e42570dcc2f931eb9534c45f1ec6de253

  • SSDEEP

    786432:moKpx5hYBug51MMlQi7PZdJXiq1+N76JupzS:Upx56Bu61FZPZdxQcUzS

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
    "C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3668
    • C:\Windows\Temp\{AAB44503-0EB0-4236-BD59-A0483F452AFF}\.cr\vc_redist.x64.exe
      "C:\Windows\Temp\{AAB44503-0EB0-4236-BD59-A0483F452AFF}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=732 -burn.filehandle.self=736
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{7F2E1BD7-ED42-41F8-9759-454F28C25A44}\.ba\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Windows\Temp\{7F2E1BD7-ED42-41F8-9759-454F28C25A44}\.ba\wixstdba.dll
    Filesize

    215KB

    MD5

    f68f43f809840328f4e993a54b0d5e62

    SHA1

    01da48ce6c81df4835b4c2eca7e1d447be893d39

    SHA256

    e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

    SHA512

    a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

    Download Submit

  • C:\Windows\Temp\{AAB44503-0EB0-4236-BD59-A0483F452AFF}\.cr\vc_redist.x64.exe
    Filesize

    670KB

    MD5

    261f741c93973d184d4fccf833f0c075

    SHA1

    cb7846fc45cc545b3ac6ab0aa3425461e219b196

    SHA256

    1ec6ded595b12262d8bfcf8436046c9d84febff424924cb839a1946dad76ca4e

    SHA512

    90ca6a11c6bbd5f97d1ed146da5279bf40330bf9020b40eb816ede0d914ed4d769e9c48cb8c839924700dec818d4f818f89e6d6afbc7091e2a2809ebe099da81

    Download Submit