044c5577aaaea092dd5a213de19138675e8182588709cda7ccb94ebaaf8a3df3

Analysis

max time kernel
95s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.exe
Size

18.2MB
MD5

1fe6953cfe807f836f5d651562a8a780
SHA1

54b01acdcc8f1bb05ce8eb055d6d92d52e681ee8
SHA256

044c5577aaaea092dd5a213de19138675e8182588709cda7ccb94ebaaf8a3df3
SHA512

f7d2c44f9d53abe6071edfcd0b66f81e9b4ee763709aaa1f36dbc96b7d7b74bef1ed3c98d1fb6980f02791433a4fbbe88374b7a18024d6796600127ec1a0b406
SSDEEP

393216:4vIDnftIjroMG8hgpZ/fxTAcn3rzhOj9XQFsE:4vIDlSUMG3zxZ3rNOxgt

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
4340	test.exe
4340	test.exe
4340	test.exe
4340	test.exe
4340	test.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Loads dropped DLL
PID:4340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdF776.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF776.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF776.tmp\TvGetVersion.dll

Filesize
224KB

MD5
6ea2ec55f6f06468ee2c42a91bdd2e53

SHA1
f78eee0d1fa4f3995d6fc103089ba5561b9028b5

SHA256
9675e04270294129d6d199ebb06f62b10abc08a0742bd7e5b776187252b02a39

SHA512
ff2d9eefda7e069e4f9fca75cf1841dab81efd17d87ce326a7c05b7818743f398c4ee3159adf2bd8f5ac9a3ba9dfd902263dba4fd68a12a68ce78fd3493f1463

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF776.tmp\TvGetVersion.dll

Filesize
224KB

MD5
6ea2ec55f6f06468ee2c42a91bdd2e53

SHA1
f78eee0d1fa4f3995d6fc103089ba5561b9028b5

SHA256
9675e04270294129d6d199ebb06f62b10abc08a0742bd7e5b776187252b02a39

SHA512
ff2d9eefda7e069e4f9fca75cf1841dab81efd17d87ce326a7c05b7818743f398c4ee3159adf2bd8f5ac9a3ba9dfd902263dba4fd68a12a68ce78fd3493f1463

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF776.tmp\TvGetVersion.dll

Filesize
224KB

MD5
6ea2ec55f6f06468ee2c42a91bdd2e53

SHA1
f78eee0d1fa4f3995d6fc103089ba5561b9028b5

SHA256
9675e04270294129d6d199ebb06f62b10abc08a0742bd7e5b776187252b02a39

SHA512
ff2d9eefda7e069e4f9fca75cf1841dab81efd17d87ce326a7c05b7818743f398c4ee3159adf2bd8f5ac9a3ba9dfd902263dba4fd68a12a68ce78fd3493f1463

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF776.tmp\nsDialogs.dll

Filesize
9KB

MD5
d6c3dd680c6467d07d730255d0ee5d87

SHA1
57e7a1d142032652256291b8ed2703b3dc1dfa9b

SHA256
aedb5122c12037bcf5c79c2197d1474e759cf47c67c37cdb21cf27428854a55b

SHA512
c28613d6d91c1f1f7951116f114da1c49e5f4994c855e522930bb4a8bdd73f12cadf1c6dcb84fc8d9f983ec60a40ac39522d3f86695e17ec88da4bd91c7b6a51

Download Submit
memory/4340-153-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4340-155-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download