b65afd140bef684271071eb915e4019ca7daab4664f768235cf872e71bd130cd

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

共赢客户端安装包.exe
Size

40.1MB
MD5

feb79562a9d3049d860a33ba0b44e57c
SHA1

c980ec5c74e307125a2676b53aebf1026c472ab0
SHA256

b65afd140bef684271071eb915e4019ca7daab4664f768235cf872e71bd130cd
SHA512

cd0109b697606811b29ddd976ec76d6b96e0bea07f1fe8cfc4a27dc9edc224459edbc6cb92af96107bc4a6e25b82b12b4d73ecf737614b39fe51150e5eeae3ab
SSDEEP

786432:6H1B7k/Qn+VDpatbstLX0lySITmSO0IATctOwWiC6XMoljXBev99+yqusPqIGsBw:6n1+5pa+TyVICUBct7lCgtdk93quEgyq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
5000	共赢客户端安装包.exe
5000	共赢客户端安装包.exe
5000	共赢客户端安装包.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\共赢客户端安装包.exe
"C:\Users\Admin\AppData\Local\Temp\共赢客户端安装包.exe"
1⤵
- Loads dropped DLL
PID:5000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsl7D54.tmp\InstallOptions.dll

Filesize
15KB

MD5
67f2ef30bc54036cf3164e76219e5864

SHA1
bf0586855ac7427b35d08909dba6a6a8d2c22e92

SHA256
c55b1140b6e5b9ed5dec99d3b10458e2966f9701895931642a8fe0c260d7f880

SHA512
1a944462453435e88c7fb4ac8beaa8ea8febbbadd83faf8549f95a3046636b3543c4e8dbed14872a1d42793b6496b797fffc7300bbce62ab0d650017ef26e98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7D54.tmp\InstallOptions.dll

Filesize
15KB

MD5
67f2ef30bc54036cf3164e76219e5864

SHA1
bf0586855ac7427b35d08909dba6a6a8d2c22e92

SHA256
c55b1140b6e5b9ed5dec99d3b10458e2966f9701895931642a8fe0c260d7f880

SHA512
1a944462453435e88c7fb4ac8beaa8ea8febbbadd83faf8549f95a3046636b3543c4e8dbed14872a1d42793b6496b797fffc7300bbce62ab0d650017ef26e98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7D54.tmp\InstallOptions.dll

Filesize
15KB

MD5
67f2ef30bc54036cf3164e76219e5864

SHA1
bf0586855ac7427b35d08909dba6a6a8d2c22e92

SHA256
c55b1140b6e5b9ed5dec99d3b10458e2966f9701895931642a8fe0c260d7f880

SHA512
1a944462453435e88c7fb4ac8beaa8ea8febbbadd83faf8549f95a3046636b3543c4e8dbed14872a1d42793b6496b797fffc7300bbce62ab0d650017ef26e98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7D54.tmp\LangDLL.dll

Filesize
5KB

MD5
3dd80dff583544514eeb3a5ed851a519

SHA1
56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

SHA256
86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

SHA512
955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7D54.tmp\ioSpecial.ini

Filesize
1020B

MD5
034953c6df68f536d97cbdb8f895400a

SHA1
6cdb5ed5ffd1ff5884aacbddcc8aeb553fe1f297

SHA256
82e2987a8ae40ced5316129450c7c20684a1c1828f133c1910a748bd28aafb33

SHA512
bf382f87d3f0c22a28d5745132d7d64efb6e2fc88b6f5793ed0c5285a4b91dde5b623ddd383732c72e4c1f83294a72da64022592959404c64cbc726e0f983877

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7D54.tmp\ioSpecial.ini

Filesize
1KB

MD5
8349e33d0802ae14d2255d3fa07b9b69

SHA1
3d6f114ee3347870a760e0f9cdcd6f5dd4a8a5ba

SHA256
bbeaf8b2f7976f964cce151013222edfb1bdbae036680b57ea51e86ab50251da

SHA512
862d92d2a05f50e302517c3ddf5c0bd150d97b3025b397d87dd7179bccc5e2cfeaf1508ea31ffc512aaf0c9789cc5db5fc539c5e1522540928b46884508ac15f

Download Submit