58eafa39ef978c940a1edbed22cef29462a41be998ead337c6147ae8c1e84501

Analysis

max time kernel
91s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NTAG5_Cockpit_v1.0_installer.exe
Size

6.8MB
MD5

4037a792c9efde378da589509d150297
SHA1

5239e7a7ad01d3918012f1b09d562ecaea997963
SHA256

58eafa39ef978c940a1edbed22cef29462a41be998ead337c6147ae8c1e84501
SHA512

0b59c5f82203da10bd679a88a99d8c4bc52aceb10f0c3e3ce7aafdca3646682b591bd15c05a102aa5f632bb3492ce89f2f854d715514a942429bd1b642a89f9f
SSDEEP

196608:OpYd2Sl3O0wFQ/HnjW226pTnAYNuVO/f+X6xomOF3hwTz+:OC242y/Hj523YU8emgRn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4412	NTAG5_NFC_Cockpit_v1.0.exe

Loads dropped DLL 2 IoCs

pid	Process
932	NTAG5_Cockpit_v1.0_installer.exe
932	NTAG5_Cockpit_v1.0_installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\NTAG5_Cockpit_v1.0_installer.exe
"C:\Users\Admin\AppData\Local\Temp\NTAG5_Cockpit_v1.0_installer.exe"
1⤵
- Loads dropped DLL
PID:932

C:\nxp\NTAG5_Cockpit_v1.0\NTAG5_NFC_Cockpit_v1.0.exe
"C:\nxp\NTAG5_Cockpit_v1.0\NTAG5_NFC_Cockpit_v1.0.exe"
1⤵
- Executes dropped EXE
PID:4412

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy9EE5.tmp\StartMenu.dll

Filesize
7KB

MD5
e439ea88b4453578adcfe9026cd287fd

SHA1
414ce13b7d4f2b1c4d51a71a037ec2822fa63e61

SHA256
27fb85eede9b98f4fb6cd9bd22f1f268e13d3bb365a4bb8da744090d032c76e4

SHA512
f8d1023eb3c665ecd10805bb95e1b29491b3653bd7178bdd39daffaf83564626e8679864056333ebfbf631f414195771de7824e669a07bacb0a04eee8d74b062

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy9EE5.tmp\UserInfo.dll

Filesize
4KB

MD5
e167f9a565781a30c03ff10370033319

SHA1
1858758b076946073de375c6eb1bec9867aa3689

SHA256
a912514823df595ba3a048099d3b89e925a4d41742afc67e772060952892f312

SHA512
96d8f5ac8e2c0961ba71075de52d12515e7a058cddf3fa1ec14e77545b0b5f4e29324a13e2eb287a447f1d24dc9f09e0a70b0a25401b0ef8d90e6e4a96ce6c61

Download Submit
C:\nxp\NTAG5_Cockpit_v1.0\NTAG5_I2C_Cockpit_v1.1.exe

Filesize
1.6MB

MD5
ee6aa0e3e0a73cc444c77c80bf9a3dee

SHA1
7987fa69252f8c3838c2dd0ad2af70c8de8a0bc7

SHA256
009022d2e484e3b450846f8e0544d53d16a832680b2f7b5c1406666e2c85773c

SHA512
8c0e7c98975f741c2517a10d5194a077450dde6ec438513e2b190413881850c9f5e8d5c588f8c5bfb28901add0db009c8ff9789c10af99be7123a9e39619ae14

Download Submit
C:\nxp\NTAG5_Cockpit_v1.0\NTAG5_NFC_Cockpit_v1.0.exe

Filesize
1.6MB

MD5
b3919b9e0de8faa5dd5c34ae810f12aa

SHA1
29cf15a6348b6cc40563aa21a5bfa6b64468c8ec

SHA256
6f76ec9fb4e8d9b8b830650d84c0d4cd198d666f01afd6ed8980b91e976fb17b

SHA512
80f7f785faf25f6ea08b659c9aa1b5b57886fe90c3fcfc476c64191eb8cd143d5c612af119f9830d8186bdeb15f428721d02822f849b22e1d10b18590190a3f3

Download Submit
C:\nxp\NTAG5_Cockpit_v1.0\NTAG5_NFC_Cockpit_v1.0.exe

Filesize
1.6MB

MD5
b3919b9e0de8faa5dd5c34ae810f12aa

SHA1
29cf15a6348b6cc40563aa21a5bfa6b64468c8ec

SHA256
6f76ec9fb4e8d9b8b830650d84c0d4cd198d666f01afd6ed8980b91e976fb17b

SHA512
80f7f785faf25f6ea08b659c9aa1b5b57886fe90c3fcfc476c64191eb8cd143d5c612af119f9830d8186bdeb15f428721d02822f849b22e1d10b18590190a3f3

Download Submit
C:\nxp\NTAG5_Cockpit_v1.0\NTAG5_NFC_Cockpit_v1.0.exe

Filesize
1.6MB

MD5
b3919b9e0de8faa5dd5c34ae810f12aa

SHA1
29cf15a6348b6cc40563aa21a5bfa6b64468c8ec

SHA256
6f76ec9fb4e8d9b8b830650d84c0d4cd198d666f01afd6ed8980b91e976fb17b

SHA512
80f7f785faf25f6ea08b659c9aa1b5b57886fe90c3fcfc476c64191eb8cd143d5c612af119f9830d8186bdeb15f428721d02822f849b22e1d10b18590190a3f3

Download Submit
memory/4412-178-0x0000000000A00000-0x0000000000BA8000-memory.dmp

Filesize
1.7MB

Download
memory/4412-179-0x0000000005CB0000-0x0000000006254000-memory.dmp

Filesize
5.6MB

Download
memory/4412-180-0x0000000005700000-0x0000000005792000-memory.dmp

Filesize
584KB

Download
memory/4412-181-0x00000000056A0000-0x00000000056AA000-memory.dmp

Filesize
40KB

Download
memory/4412-182-0x00000000056F0000-0x0000000005700000-memory.dmp

Filesize
64KB

Download
memory/4412-183-0x00000000056F0000-0x0000000005700000-memory.dmp

Filesize
64KB

Download
memory/4412-184-0x00000000056F0000-0x0000000005700000-memory.dmp

Filesize
64KB

Download
memory/4412-185-0x00000000056F0000-0x0000000005700000-memory.dmp

Filesize
64KB

Download