ed09de323c9ce1e5caec2ab5d3dc03ecc820e5469c5d70c9ffbca3f17678d237

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2023 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NPE_server.exe
Size

12.3MB
MD5

913a5aaa55139c5c059a1eadc1b77ef2
SHA1

ddd96cc367e4aec0f5c263173ad43d09f4660eb6
SHA256

ed09de323c9ce1e5caec2ab5d3dc03ecc820e5469c5d70c9ffbca3f17678d237
SHA512

a07c634f70f84c1a2dfe7230341737a1fcbbddaaa18f0250b9a499b641b63a267990a8063f10d3f6902595c995226dd0adcccedbc38b66063f24ae317ddae5f1
SSDEEP

196608:bIz0BLgJqcFf/xF2g2EOS/lJU0V3trh1qLwY4aAXGhJcKZzuUFG2X6:czlqcNJ4U7DtHrhkLi2hJcKtuOG2X6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
384	NPE_server.exe
384	NPE_server.exe
384	NPE_server.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\NPE_server.exe
"C:\Users\Admin\AppData\Local\Temp\NPE_server.exe"
1⤵
- Loads dropped DLL
PID:384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsf7C99.tmp\InstallOptions.dll

Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7C99.tmp\InstallOptions.dll

Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7C99.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7C99.tmp\ioSpecial.ini

Filesize
739B

MD5
606f6776a924a4d99e3d187977d81f44

SHA1
a83088af16f99e7aeca9c49db3406c77cb63e4fc

SHA256
e95068056c29c0a92b86e434ed90aea58bf60daa9adcc054a344d864fcb4e0e2

SHA512
d39b2494561bce1f69b902c5cde3047db9920142625ffbe526633fba261530253ba19657be3f012777c77c9fccce67f8d9f9695817e28d4896ffa15f385d0e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7C99.tmp\ioSpecial.ini

Filesize
739B

MD5
606f6776a924a4d99e3d187977d81f44

SHA1
a83088af16f99e7aeca9c49db3406c77cb63e4fc

SHA256
e95068056c29c0a92b86e434ed90aea58bf60daa9adcc054a344d864fcb4e0e2

SHA512
d39b2494561bce1f69b902c5cde3047db9920142625ffbe526633fba261530253ba19657be3f012777c77c9fccce67f8d9f9695817e28d4896ffa15f385d0e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7C99.tmp\ioSpecial.ini

Filesize
778B

MD5
8d592302d7190da60a69025732a521c1

SHA1
8b5901b605b3f0dca3c2aa73b12beefa1bfbb88e

SHA256
559d682de0d1ad4de5f8eb30362fe684039386232f7c7b4aecc09e5a7cb9b957

SHA512
6b19e4e03b11b995b4b205a14e67e94f03e437a82dd7f3a6589647e14c08df71c27998367c3e2be97ce67646a1a6cfe57d45d78df2604fad2c2c605ef941fa8e

Download Submit