Overview

overview

10

Static

static

3

Scans46.scr

windows7-x64

10

Scans46.scr

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    66s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2024 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    57KB

  • MD5

    3db1d34674bdfab493aca0b6380d3639

  • SHA1

    05a2b02b653cd9efd98f1e276a266efaca29c5ae

  • SHA256

    426e613848dfa42b08e66aaa03a7c490a8832fc113f610d77cb29a87b7a5ea2e

  • SHA512

    d459cd9655cd5056b2700da36a4eb1738c7c2b961de4bc8542c479d46952c096e9a3d21263b24da87a8409eed889018b94e1238f6d938b7355e56ed8eab8af23

  • SSDEEP

    1536:aU+dcy3fxBk9UmZHs/hc0gdLeAyNxdDEaQttySC:aNzPHk9Mpc0ceAYjme

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4936

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsw325C.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    ea60c7bd5edd6048601729bd31362c16

    SHA1

    6e6919d969eb61a141595014395b6c3f44139073

    SHA256

    4e72c8b4d36f128b25281440e59e39af7ec2080d02e024f35ac413d769d91f39

    SHA512

    f9dc35220697153bb06e3a06caf645079881cb75aed008dbe5381ecaf3442d5be03500b36bbca8b3d114845fac3d667ddf4063c16bc35d29bbea862930939993

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Filesize

    57KB

    MD5

    3db1d34674bdfab493aca0b6380d3639

    SHA1

    05a2b02b653cd9efd98f1e276a266efaca29c5ae

    SHA256

    426e613848dfa42b08e66aaa03a7c490a8832fc113f610d77cb29a87b7a5ea2e

    SHA512

    d459cd9655cd5056b2700da36a4eb1738c7c2b961de4bc8542c479d46952c096e9a3d21263b24da87a8409eed889018b94e1238f6d938b7355e56ed8eab8af23

    Download Submit