9ccb603449ac624f8ad50fd207354dbd7487dbeb4dff5934361900fdcc4119be

Analysis

max time kernel
66s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2023 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43d7f670d9c9ec5ed1320337627405ef.exe
Size

5.1MB
MD5

43d7f670d9c9ec5ed1320337627405ef
SHA1

c3983c49b9085fe63e167efcb2f4ee48ea9be7e8
SHA256

9ccb603449ac624f8ad50fd207354dbd7487dbeb4dff5934361900fdcc4119be
SHA512

eddd4bd7a46cf7a021de2d356112f0e2fdf9efdc73d9e14fd6749b719bf52f4703812fc5e5c5d279a8d06b636612d26236c97b986a7ed845f1b8a64a627a196d
SSDEEP

98304:91O7uP/6EdzIJsi/qJz/vRna4Wuou4N3cUStTDprQ8RtvmJmBvY1aKQpObiT6l:91OK6SzIyoq/n6t3cU0tQ83o1aK4O2T4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3152	setup.exe

Loads dropped DLL 5 IoCs

pid	Process
3152	setup.exe
3152	setup.exe
3152	setup.exe
3152	setup.exe
3152	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000022fc6-141.dat	nsis_installer_1
behavioral2/files/0x0007000000022fc6-141.dat	nsis_installer_2
behavioral2/files/0x0007000000022fc6-140.dat	nsis_installer_1
behavioral2/files/0x0007000000022fc6-140.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 3152	2376	43d7f670d9c9ec5ed1320337627405ef.exe	82
PID 2376 wrote to memory of 3152	2376	43d7f670d9c9ec5ed1320337627405ef.exe	82
PID 2376 wrote to memory of 3152	2376	43d7f670d9c9ec5ed1320337627405ef.exe	82

C:\Users\Admin\AppData\Local\Temp\43d7f670d9c9ec5ed1320337627405ef.exe
"C:\Users\Admin\AppData\Local\Temp\43d7f670d9c9ec5ed1320337627405ef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\7zSED24.tmp\setup.exe
  .\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3152

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSED24.tmp\Setup.exe

Filesize
4.9MB

MD5
1120dbd8ac9aa9423308b23499f82fd7

SHA1
7f843f28e85d4bc864f324464fe26a7ea1566179

SHA256
026b4814f68bd87f6b34d71146c3877e752551831d3d72f293bae7f319727c5c

SHA512
0e7f81cb4c0cc1249d72bae5a9c8cea081d60a5726d09008c816cd06639d02b2cba146a711b1cefb0b9d4ba71289d0c54979e59e477a376543804cf9a1b30e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSED24.tmp\setup.exe

Filesize
4.9MB

MD5
1120dbd8ac9aa9423308b23499f82fd7

SHA1
7f843f28e85d4bc864f324464fe26a7ea1566179

SHA256
026b4814f68bd87f6b34d71146c3877e752551831d3d72f293bae7f319727c5c

SHA512
0e7f81cb4c0cc1249d72bae5a9c8cea081d60a5726d09008c816cd06639d02b2cba146a711b1cefb0b9d4ba71289d0c54979e59e477a376543804cf9a1b30e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF9D8.tmp\LangDLL.dll

Filesize
5KB

MD5
ed619e32ccf44d3a2b7be5a81e4ccbee

SHA1
b89775e6c7e49004e3199a0e96a28c473ecd6c69

SHA256
ef0d7e2eba9e197c37e68b4fd1d79e8ac0bbd855846ebe506f858c73a1b296c0

SHA512
853f8b1313d1911abe0eb77b28cd9f73a82e06a693009d581effa8691411e751a2187f176f23b17d4bdbf45b81a29f5fb71cbe40b410e14080d1d7b86ec13aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF9D8.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF9D8.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF9D8.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF9D8.tmp\md5dll.dll

Filesize
8KB

MD5
a7d710e78711d5ab90e4792763241754

SHA1
f31cecd926c5d497aba163a17b75975ec34beb13

SHA256
9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

SHA512
f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF9D8.tmp\nsDialogs.dll

Filesize
9KB

MD5
ab73c0c2a23f913eabdc4cb24b75cbad

SHA1
6569d2863d54c88dcf57c843fc310f6d9571a41e

SHA256
3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457

SHA512
99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8

Download Submit