Overview

overview

10

Static

static

10

dogecoin-1...li.exe

windows7-x64

3

dogecoin-1...li.exe

windows10-2004-x64

3

dogecoin-1...nd.exe

windows7-x64

10

dogecoin-1...nd.exe

windows10-2004-x64

10

dogecoin-1...qt.exe

windows7-x64

10

dogecoin-1...qt.exe

windows10-2004-x64

10

dogecoin-1...re.exe

windows7-x64

10

dogecoin-1...re.exe

windows10-2004-x64

10

dogecoin-1...ll.exe

windows7-x64

7

dogecoin-1...ll.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2025 11:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dogecoin-1.14.9-win32/uninstall.exe

  • Size

    479KB

  • MD5

    67d544d525bb4215883387ed293306f3

  • SHA1

    a22c55be841dc7fefb893a5dec32cf236ed7ed61

  • SHA256

    d3d9902cd4bd86b91a7093c58c3a7259a00c5d7fee672123b540aca9ca55e704

  • SHA512

    700f390f0e3de76de843cc48b6f90acb77b03bacf2b5941ed05493ce14b992479f98e8827656ca35f40ef0576fe452eab728c99ed3c88c0085f0bfb38d077111

  • SSDEEP

    3072:ig6nXHTSMyxWxVIkvfG5fJK7NpkXbL6XiDUqN16ZVdzCthvAEijAumv7s8CJBcUy:4nNywR4Y7NpyHaE12zshvAhEfkjMPRD

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 1 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\uninstall.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3196
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Filesize

    479KB

    MD5

    67d544d525bb4215883387ed293306f3

    SHA1

    a22c55be841dc7fefb893a5dec32cf236ed7ed61

    SHA256

    d3d9902cd4bd86b91a7093c58c3a7259a00c5d7fee672123b540aca9ca55e704

    SHA512

    700f390f0e3de76de843cc48b6f90acb77b03bacf2b5941ed05493ce14b992479f98e8827656ca35f40ef0576fe452eab728c99ed3c88c0085f0bfb38d077111

    Download Submit

  • memory/2232-9-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2232-13-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/3196-5-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download