814c2383e3c7a4be60280f3a34110df60c130bccb7ef1d5a24a5b1d68f74ed98

Analysis

max time kernel
11s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2023, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SetupReturnDungeonV2.exe
Size

64.0MB
MD5

29b3041cd81cec737b87b3cef5817e50
SHA1

2600020a7e6a33cdfc476a5ed8023951a9de3e70
SHA256

814c2383e3c7a4be60280f3a34110df60c130bccb7ef1d5a24a5b1d68f74ed98
SHA512

fc53d0e5e90d52f65c206217b0f1cdfd6ab12972798f7d66ece503d52ecadf17e7c90ac76800fd00cd409a54147b9e2de7b7fd13e6ea112ae6ca53113021db0e
SSDEEP

1572864:jjddrbWtNbdxPJUkqEJU2oZvVkBDIqxpJ8IDDqsss6Al8u132Hwf:XfWtNbdxPSKJU5kBVp3dz6AyuZf

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1868	SetupReturnDungeonV2.exe
1868	SetupReturnDungeonV2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1868	SetupReturnDungeonV2.exe

C:\Users\Admin\AppData\Local\Temp\SetupReturnDungeonV2.exe
"C:\Users\Admin\AppData\Local\Temp\SetupReturnDungeonV2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1868

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2OaCzUNK32HQYUcnP0Qmqtgyrow\chrome_100_percent.pak

Filesize
124KB

MD5
acd0fa0a90b43cd1c87a55a991b4fac3

SHA1
17b84e8d24da12501105b87452f86bfa5f9b1b3c

SHA256
ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b

SHA512
3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\LICENSES.chromium.html

Filesize
7.9MB

MD5
312446edf757f7e92aad311f625cef2a

SHA1
91102d30d5abcfa7b6ec732e3682fb9c77279ba3

SHA256
c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b

SHA512
dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\chrome_200_percent.pak

Filesize
173KB

MD5
4610337e3332b7e65b73a6ea738b47df

SHA1
8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b

SHA256
c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c

SHA512
039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\ffmpeg.dll

Filesize
2.5MB

MD5
94f687603aba179474517da648f436a5

SHA1
4de598064481401366fbfc81f0a365c13879035c

SHA256
96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0

SHA512
f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
d89ce8c00659d8e5d408c696ee087ce3

SHA1
49fc8109960be3bb32c06c3d1256cb66dded19a8

SHA256
9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de

SHA512
db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\libEGL.dll

Filesize
371KB

MD5
fde9a02f00bc7b70d93b9e928945087a

SHA1
5136e3d0b681af624086c77cd67edcf537dd27e4

SHA256
d1f504b9136ee6a8955b045e8a94dcb75c5013e9e6896d889edba1491649bc9f

SHA512
7e65a884df7bd7fc74c717528bbd61e5c0671d208cf02849e357b6690f02477659b7c3de43193bb487a2624638fafbfdece88557c9ef1ad28c03f0a6253c57ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\libGLESv2.dll

Filesize
6.4MB

MD5
ed58bd0690a86ac78764654edda50194

SHA1
f7973bdf9ad1c9e51350794c3d51459ba7a37f4e

SHA256
ff813885abdac4bc106bbf7d106325718f568756209b920ac2d83c3c9f9a2ce6

SHA512
955d442f1faf8e22c313c5feec1101444027b920d7fc8c171454c70edd3385f502ccc0a1f80d53bbaacf87517eabe51d74469a995ff7506917d3d2b205865040

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\7z-out\resources.pak

Filesize
5.0MB

MD5
c2b9f8256a070f23a2bac3457198657b

SHA1
8a6c14bfe8149476baf407e3695a78863aa35fd9

SHA256
b5ab9cbb8b4f5fb9a3b2f15989a8522d3985c2b4260b1ace9b4edb5173f10deb

SHA512
37bf0e2f1b2bc700519ac7b4fa023611f88a8338d9b303988e1ba37345c1f2199750e60a9cc1e8b3f34c37b78ca5a9ca1f02086755d6fe3d6c5aafeae449c66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc810D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit