6b901114e3090326271e1fbe3f1ad3a82bcac2933e795f1ecad1a0707e2508a3

Analysis

max time kernel
154s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 15:58

Target

Mps_installer.exe
Size

10.7MB
MD5

b91234668238dab5c234b98d2b93c83d
SHA1

72e6c78ba9a3f156c72bd2c7de3717a62a17d727
SHA256

6b901114e3090326271e1fbe3f1ad3a82bcac2933e795f1ecad1a0707e2508a3
SHA512

cfe6912ed8a37552759143ff5d84a36d19325fad57001ce8d4a0de55ab48e9481a885a73ea645c236821d8869b2c1ee04fa4b4d5c04f6538dc1857674ac79212
SSDEEP

196608:oN9MrwEZeq/yojQrH2W1zln/LXjpCHOQodKLlfjJTj4P39xipzy/m4iE:SaTT/yCQrH2Wj/LkHnv/q/ipzydiE

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2128	Mps_installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Mps_installer.exe
"C:\Users\Admin\AppData\Local\Temp\Mps_installer.exe"
1⤵
- Loads dropped DLL
PID:2128

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsu939B.tmp\nsDialogs.dll

Filesize
9KB

MD5
eac1c3707970fe7c71b2d760c34763fa

SHA1
f275e659ad7798994361f6ccb1481050aba30ff8

SHA256
062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3

SHA512
3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09

Download Submit