Analysis Overview
SHA256
4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe
Threat Level: Suspicious (shows suspicious behavior)
The file 4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe was classified as showing suspicious behavior; no signature in this report rates it as outright malicious.
Malicious Activity Summary
Loads dropped DLL
Enumerates physical storage devices
NSIS installer
Note: the dropped DLLs listed in the Files sections below, LangDLL.dll and InstallOptions.dll, carry the names of stock NSIS plugins, which NSIS-built installers extract into a temporary plugin directory (%TEMP%\ns<random>.tmp\) and load at run time, so "Loads dropped DLL" is consistent with ordinary installer behavior. Whether these particular builds are unmodified cannot be determined from the hashes alone; compare them against the plugins shipped with a known NSIS release before drawing a conclusion.
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-10-31 22:06
Signatures
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-31 22:06
Reported
2022-10-31 22:08
Platform
win7-20220901-en
Max time kernel
43s
Max time network
48s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe
"C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe"
Network
Files
memory/1184-54-0x0000000075A11000-0x0000000075A13000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsj25FA.tmp\LangDLL.dll
| MD5 | 8be27f3bdec2b49d0a6a674716622304 |
| SHA1 | 70d17db576ed484a4c0195571118d307fd4dc1b9 |
| SHA256 | 4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47 |
| SHA512 | add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801 |
\Users\Admin\AppData\Local\Temp\nsj25FA.tmp\InstallOptions.dll
| MD5 | d61d6c709e7947296603059f8bedeba9 |
| SHA1 | bdcfc90c358c82be43ef85727a7bdfebbd6d1b69 |
| SHA256 | 65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63 |
| SHA512 | ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b |
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-31 22:06
Reported
2022-10-31 22:08
Platform
win10v2004-20220812-en
Max time kernel
91s
Max time network
146s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe
"C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe"
Network
| Country | Destination | Domain | Proto |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| NL | 104.80.225.205:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
No domain was recorded for any of these connections, the report does not attribute them to a process, and the win7 run (behavioral1) logged no network activity at all. Whether they belong to the sample or to Windows background traffic on the win10 image cannot be determined from this page; check the full PCAP or process-level network log before treating these addresses as indicators.
Files
C:\Users\Admin\AppData\Local\Temp\nsw673B.tmp\LangDLL.dll
| MD5 | 8be27f3bdec2b49d0a6a674716622304 |
| SHA1 | 70d17db576ed484a4c0195571118d307fd4dc1b9 |
| SHA256 | 4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47 |
| SHA512 | add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801 |
C:\Users\Admin\AppData\Local\Temp\nsw673B.tmp\InstallOptions.dll
| MD5 | d61d6c709e7947296603059f8bedeba9 |
| SHA1 | bdcfc90c358c82be43ef85727a7bdfebbd6d1b69 |
| SHA256 | 65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63 |
| SHA512 | ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b |
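As an added example (not part of the sandbox report or its tooling), the Python script below pulls the dropped-file entries out of the Files sections above, groups them by SHA256 across the two detonations, and flags paths that follow the NSIS plugin-directory naming pattern (%TEMP%\ns<random>.tmp\<plugin>.dll). The embedded REPORT text is copied from this page and abbreviated to the MD5 and SHA256 rows; the regexes, function names and the length check are my own assumptions about how to process such a report, not anything the sandbox defines.

```python
"""Extract dropped-file IOCs from the Files sections of a sandbox report and
cross-check them across runs. REPORT is copied from this page (MD5/SHA256 rows
only); everything else is an added example, not sandbox code."""
import re
from collections import defaultdict

# Path lines followed by hash-table rows, exactly as the report lays them out.
REPORT = r"""
memory/1184-54-0x0000000075A11000-0x0000000075A13000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsj25FA.tmp\LangDLL.dll
| MD5 | 8be27f3bdec2b49d0a6a674716622304 |
| SHA256 | 4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47 |
\Users\Admin\AppData\Local\Temp\nsj25FA.tmp\InstallOptions.dll
| MD5 | d61d6c709e7947296603059f8bedeba9 |
| SHA256 | 65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63 |
C:\Users\Admin\AppData\Local\Temp\nsw673B.tmp\LangDLL.dll
| MD5 | 8be27f3bdec2b49d0a6a674716622304 |
| SHA256 | 4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47 |
C:\Users\Admin\AppData\Local\Temp\nsw673B.tmp\InstallOptions.dll
| MD5 | d61d6c709e7947296603059f8bedeba9 |
| SHA256 | 65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63 |
"""

# NSIS extracts plugins into $PLUGINSDIR, which defaults to %TEMP%\ns<random>.tmp\.
# Assumed pattern: a Temp\ns*.tmp directory holding a .dll.
NSIS_PLUGINSDIR_RE = re.compile(r"\\Temp\\ns[0-9A-Za-z]+\.tmp\\[^\\]+\.dll$", re.IGNORECASE)

# One hash row of the report's table: | ALGO | hexdigest |
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$", re.IGNORECASE)
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files(text):
    """Return a list of dicts, one per path line, with any hash rows that follow it.
    Entries without hash rows (e.g. memory dumps) are kept but carry only 'path'."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            algo, digest = m.group(1).upper(), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:  # catches truncated/garbled digests
                raise ValueError(f"{algo} digest of wrong length for {current['path']}")
            current[algo.lower()] = digest
        elif not line.startswith("|"):
            current = {"path": line}
            entries.append(current)
    return entries


def is_nsis_plugin_path(path):
    """True if the path sits in an NSIS-style temporary plugin directory."""
    return bool(NSIS_PLUGINSDIR_RE.search(path))


def build_iocs(text):
    """Group hashed entries by SHA256 so the same DLL dropped under different
    random temp names in two runs becomes one IOC with several observed paths."""
    entries = parse_files(text)
    paths_by_sha = defaultdict(list)
    first_entry = {}
    for e in entries:
        sha = e.get("sha256")
        if sha is None:
            continue
        paths_by_sha[sha].append(e["path"])
        first_entry.setdefault(sha, e)
    iocs = []
    for sha, paths in paths_by_sha.items():
        iocs.append({
            "sha256": sha,
            "md5": first_entry[sha].get("md5"),
            "filename": paths[0].rsplit("\\", 1)[-1],
            "paths": paths,
            "nsis_pluginsdir": all(is_nsis_plugin_path(p) for p in paths),
        })
    return iocs


if __name__ == "__main__":
    for ioc in build_iocs(REPORT):
        print(ioc["filename"], ioc["sha256"], "seen", len(ioc["paths"]), "times,",
              "NSIS plugin dir" if ioc["nsis_pluginsdir"] else "other location")
```

Grouping by content hash rather than path is the point: the random nsXXXX.tmp directory name changes on every run, so a path-based indicator from one detonation would miss the same file in the next, while the SHA256 matches across both runs and can be compared directly against the plugin DLLs in a known NSIS release.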