Analysis

max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 03-07-2024 02:34
Static task: static1

Behavioral task: behavioral1
  Sample: c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe
  Resource: win10v2004-20240508-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240508-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20240508-en

Behavioral task: behavioral5
  Sample: Nicaean/Gangbrdderne86.doc
  Resource: win7-20240611-en

Behavioral task: behavioral6
  Sample: Nicaean/Gangbrdderne86.doc
  Resource: win10v2004-20240611-en
General

Target: c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe
Size: 853KB
MD5: 57dbc2be60ede5140738c720a629781c
SHA1: b348e314c3f9be312725b23a0fecf491404caf66
SHA256: c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c
SHA512: 8932c191f72eb089d346848164c36104e6114e39cdeed19d1e67a7546ce68f01d8fdadec2c6f9ce5a80915e5781631fd37018f9e57c3a1d54d677f2e9c6ae006
SSDEEP: 24576:N3mYVFbTdL3LgGStF2C/GVOoD5jQZj7/MJhmO:N3mYV9x3SH2C/EOEm7lO
Malware Config

Signatures

Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.

Loads dropped DLL (2 IoCs)
Processes:
  pid   process
  2860  c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe
  2860  c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe

Drops file in Program Files directory (1 IoC)
Processes:
  description                   ioc                                                process
  File opened for modification  C:\Program Files (x86)\Common Files\hansson.ini    c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Program Files (x86)\Common Files\hansson.ini
  Filesize: 43B
  MD5: 7e12fc067ec6fde7156ec11eeaab67b6
  SHA1: 789e752d7f5437c3f0ec58ad19f01f8a70b3ff12
  SHA256: de7ad71debdcbe152a2f5cbd5aef0774cdc5e81d8aa5f8d708f1621ccb6625ac
  SHA512: 29e5863d536984d7ac250563665eeecec9e3e3d490dc24d82fdaa6b956fa1f328fd49b8e2716d5eebee298d39585afd63dcadd2897793f69076cc362b1f63101

\Users\Admin\AppData\Local\Temp\nso1315.tmp\System.dll
  Filesize: 12KB
  MD5: 6e55a6e7c3fdbd244042eb15cb1ec739
  SHA1: 070ea80e2192abc42f358d47b276990b5fa285a9
  SHA256: acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
  SHA512: 2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

memory/2860-231-0x0000000003AC0000-0x0000000006937000-memory.dmp
  Filesize: 46.5MB

memory/2860-232-0x0000000003AC0000-0x0000000006937000-memory.dmp
  Filesize: 46.5MB