3013195068d160bfaaa768314ab0a94f5b384eb94c9e8e2d9e08332f213f23cb

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9CA377E54139E616F2F31443A1E9CCE1.exe
Size

40KB
MD5

9ca377e54139e616f2f31443a1e9cce1
SHA1

c589e554a13488eaf358fc8674a8a5065c597099
SHA256

3013195068d160bfaaa768314ab0a94f5b384eb94c9e8e2d9e08332f213f23cb
SHA512

6b336aadc966fb7f53c5548f580ef5caf222cafff1c7199ff5a8cbf635bf9514cb7dfc4e0e81f830030dab22526e0b6e214a1fa5ab235858e57bffd2d5f54ee4
SSDEEP

768:G6U+d6Dy3NnNxGwVD4wal9AXmZdxRJuMvm/dLcdsd2I4vYw:dU+dcy3fxBk9UmZHs/hcyd2I4x

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1348	Un_A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023136-137.dat	nsis_installer_1
behavioral2/files/0x0007000000023136-137.dat	nsis_installer_2
behavioral2/files/0x0007000000023136-138.dat	nsis_installer_1
behavioral2/files/0x0007000000023136-138.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 1348	3368	9CA377E54139E616F2F31443A1E9CCE1.exe	77
PID 3368 wrote to memory of 1348	3368	9CA377E54139E616F2F31443A1E9CCE1.exe	77
PID 3368 wrote to memory of 1348	3368	9CA377E54139E616F2F31443A1E9CCE1.exe	77

C:\Users\Admin\AppData\Local\Temp\9CA377E54139E616F2F31443A1E9CCE1.exe
"C:\Users\Admin\AppData\Local\Temp\9CA377E54139E616F2F31443A1E9CCE1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:1348

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
40KB

MD5
9ca377e54139e616f2f31443a1e9cce1

SHA1
c589e554a13488eaf358fc8674a8a5065c597099

SHA256
3013195068d160bfaaa768314ab0a94f5b384eb94c9e8e2d9e08332f213f23cb

SHA512
6b336aadc966fb7f53c5548f580ef5caf222cafff1c7199ff5a8cbf635bf9514cb7dfc4e0e81f830030dab22526e0b6e214a1fa5ab235858e57bffd2d5f54ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
40KB

MD5
9ca377e54139e616f2f31443a1e9cce1

SHA1
c589e554a13488eaf358fc8674a8a5065c597099

SHA256
3013195068d160bfaaa768314ab0a94f5b384eb94c9e8e2d9e08332f213f23cb

SHA512
6b336aadc966fb7f53c5548f580ef5caf222cafff1c7199ff5a8cbf635bf9514cb7dfc4e0e81f830030dab22526e0b6e214a1fa5ab235858e57bffd2d5f54ee4

Download Submit