814c2383e3c7a4be60280f3a34110df60c130bccb7ef1d5a24a5b1d68f74ed98

Analysis

max time kernel
6s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-04-2023 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SetupReturnDungeonV2.exe
Size

64.0MB
MD5

29b3041cd81cec737b87b3cef5817e50
SHA1

2600020a7e6a33cdfc476a5ed8023951a9de3e70
SHA256

814c2383e3c7a4be60280f3a34110df60c130bccb7ef1d5a24a5b1d68f74ed98
SHA512

fc53d0e5e90d52f65c206217b0f1cdfd6ab12972798f7d66ece503d52ecadf17e7c90ac76800fd00cd409a54147b9e2de7b7fd13e6ea112ae6ca53113021db0e
SSDEEP

1572864:jjddrbWtNbdxPJUkqEJU2oZvVkBDIqxpJ8IDDqsss6Al8u132Hwf:XfWtNbdxPSKJU5kBVp3dz6AyuZf

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1268	SetupReturnDungeonV2.exe
1268	SetupReturnDungeonV2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1268	SetupReturnDungeonV2.exe

C:\Users\Admin\AppData\Local\Temp\SetupReturnDungeonV2.exe
"C:\Users\Admin\AppData\Local\Temp\SetupReturnDungeonV2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi1585.tmp\7z-out\chrome_100_percent.pak

Filesize
124KB

MD5
acd0fa0a90b43cd1c87a55a991b4fac3

SHA1
17b84e8d24da12501105b87452f86bfa5f9b1b3c

SHA256
ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b

SHA512
3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi1585.tmp\7z-out\chrome_200_percent.pak

Filesize
173KB

MD5
4610337e3332b7e65b73a6ea738b47df

SHA1
8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b

SHA256
c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c

SHA512
039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi1585.tmp\7z-out\d3dcompiler_47.dll

Filesize
1.5MB

MD5
93ee1874959f11e5d7f40e2dc0859fb7

SHA1
dd080429bb3405395dce91af0c52b84f770e9941

SHA256
cc0924f8367158eb11d62beba9d3586828293c575d3e8e94aad8b9a7c30414a0

SHA512
d8de9edfcb19a0d923c8a2c4df741bcdb1b0efec1f27b7d1ca719246b0dc9fbacd6ec74bcf47ab62c61ffcf9ed57f592f6f7c0993a56c6fb7612bb6095f230cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi1585.tmp\7z-out\ffmpeg.dll

Filesize
258KB

MD5
3fa0f9adb6ba51a48b53b6ee9efa881b

SHA1
3462fb86644ed6d973b0520a5342641bc83e1aeb

SHA256
cbd61bd1ed75d2cdc17edda0982f8699908fda43547bb71308341a0fc739a2e3

SHA512
f66fc3c91fd7cc0502bde46eb0d38dc22f5f039434aedddd80f85727fc7ff4cd79ccbbd1fd019a5201e1373951b2f09ae35b5c6b2909925284bcdba5acbce2e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi1585.tmp\7z-out\icudtl.dat

Filesize
192KB

MD5
a8feeffffc732db71774469c4381ccc7

SHA1
abe60053f46dd2f2a693028787e506a121a22d57

SHA256
b4837f54bcccd385e3c11a492b534f1b9d4f4085c5799a8469bfdd7a6c7bd5ea

SHA512
31a53ede220bd190545d9435719f7bf5160446b2e1984549eb308111939c852a6c71b64efcf85f736ade8ad00c8de7ab260db43cc5e145d540e785011f18289e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi1585.tmp\7z-out\libEGL.dll

Filesize
64KB

MD5
30b1118f440787478502dd802b923ede

SHA1
d8b15fdaa9557745ac3fdcbd97d3ad54dbe2c94a

SHA256
46a79c20fa23d821417164f36cee4ee545fe62db106b79f565d77c77adc005dd

SHA512
edfb696c2b62bc175681b7773ff5f78efc5f510212bdc11b61ef8765c83619b1d583592c25b07d567eea4e8961152bc8b94b4b2fa1bc5737e6e82b994a657fc2

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1585.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi1585.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit