819c7a1f74d45ad04e10662e1a2c3124d13d9a2bca508847692251242cd455c3

Analysis

max time kernel
151s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2023, 01:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tdm64-gcc-10.3.0-2.exe
Size

76.7MB
MD5

6d0a602627a869e3aac0217a73e722d9
SHA1

ec7a8f8973ba6e012e1955caaedf905acab649ae
SHA256

819c7a1f74d45ad04e10662e1a2c3124d13d9a2bca508847692251242cd455c3
SHA512

c2ef18662b1d071bb5849f0c9f911e41e6302e43c76b559ffaef7cd59005fa07a507c98122539dec6837d5b38541637edae3386f06de2e39be734cfeec454253
SSDEEP

1572864:hH4RLOYAdO2OspGdLu2AMaFL65fCqaZ4poEqL/IHLuOsfYaxvPWueVEGcXn:hUOY+OspTNOhLWmLuO4jxUKb

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4224	tdm64-gcc-10.3.0-2.exe
4224	tdm64-gcc-10.3.0-2.exe
4224	tdm64-gcc-10.3.0-2.exe
4224	tdm64-gcc-10.3.0-2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4224-116-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral1/memory/4224-136-0x0000000000400000-0x0000000000453000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\tdm64-gcc-10.3.0-2.exe
"C:\Users\Admin\AppData\Local\Temp\tdm64-gcc-10.3.0-2.exe"
1⤵
- Loads dropped DLL
PID:4224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsu7A85.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
\Users\Admin\AppData\Local\Temp\nsu7A85.tmp\UserInfo.dll

Filesize
4KB

MD5
7836f464ae0102452e94a363b491b759

SHA1
59909a48448b99e2eb9cd336d81d60764da59f31

SHA256
11adf8916947b5a20a071b494fa034cf62769dcc6293a1340b29a5bb29ac8e87

SHA512
5ed63eefa1b3b3caad4cb762ccb8419c05bcad3da3a7415235cda2d2a1f79eb018503ca30a0a92d6b72160327decea9a70c48e0c28de94dd67303d4aea4a02db

Download Submit
\Users\Admin\AppData\Local\Temp\nsu7A85.tmp\nsDialogs.dll

Filesize
9KB

MD5
ab101f38562c8545a641e95172c354b4

SHA1
ec47ac5449f6ee4b14f6dd7ddde841a3e723e567

SHA256
3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea

SHA512
72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037

Download Submit
\Users\Admin\AppData\Local\Temp\nsu7A85.tmp\tdminstall.dll

Filesize
492KB

MD5
c96c3aacd9a05e4288ee655556b3d911

SHA1
3edb85b13689215f8abe1ff1f08cfc470e36b521

SHA256
82144fa726369d153ab538a8edf0b2bee34e970bc190497fa6d2ad8ad01dcebe

SHA512
5958e59af39f3bdac6dbe97ed34dfcf1878f60e8560a50a513691c6511e3cf9079184c82ae8007368047d653d19e87e212fb96d2123d006ebab0f07733c1139d

Download Submit
memory/4224-116-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4224-136-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4224-137-0x000000006ED80000-0x000000006EE0B000-memory.dmp

Filesize
556KB

Download