ad1da074b5a660e91c49c77d851b68137dc277f07c6e2ccd404b4ff7e5d76115

Analysis

max time kernel
40s
max time network
105s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
23-06-2023 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bt2-20230616_301_301002_301002101.exe
Size

10.6MB
MD5

3429c3be6c8c39bce465a2a8735dcc9f
SHA1

e15458cafba1bc8180a9c587e2d84db7417caf7b
SHA256

ad1da074b5a660e91c49c77d851b68137dc277f07c6e2ccd404b4ff7e5d76115
SHA512

3a29c8a4aa38cb83fd2dbb8b2d3af7e0d88f7c2f346b98d42f2c79d0a0f56777e5f96969c11198145bdfa57fea1b70d017de5755ce87acd9f8ef7df337c8705a
SSDEEP

196608:cgUPoZ+n584+baA/9/oC3/FwSb78nfXtkv2OwoY8NNSZSEGaYHmj:HZHNbaA/9/VvFwSHkdkOSTNNBEGaj

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

bt2-20230616_301_301002_301002101.exe

pid	process
1612	bt2-20230616_301_301002_301002101.exe
1612	bt2-20230616_301_301002_301002101.exe
1612	bt2-20230616_301_301002_301002101.exe
1612	bt2-20230616_301_301002_301002101.exe
1612	bt2-20230616_301_301002_301002101.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

bt2-20230616_301_301002_301002101.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bt2-20230616_301_301002_301002101.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bt2-20230616_301_301002_301002101.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

bt2-20230616_301_301002_301002101.exe

pid process

1612 bt2-20230616_301_301002_301002101.exe
1612 bt2-20230616_301_301002_301002101.exe

C:\Users\Admin\AppData\Local\Temp\bt2-20230616_301_301002_301002101.exe
"C:\Users\Admin\AppData\Local\Temp\bt2-20230616_301_301002_301002101.exe"
1⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1612

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\System.dll
Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\UserInfo.dll
Filesize
4KB

MD5
a6f622a2f12ac10bca04e23deff5cada

SHA1
abf851b5ccfb64004e9b49718a467bd754545887

SHA256
b8fa7b9393fff910144768588c471ca7c9ec98a2b8b186b2172b8ba7a5279500

SHA512
35c8b0db179104e638f1b40f3f8038a41fdc327e112de5cb0dbb97cbf1dfa276fcf6400fcb46b88cb5ba233ca769becbdb4b4d40920adca831e3c0f38193c50f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\example.dll
Filesize
8.0MB

MD5
ae7b2e1060493290d5ad3f10c6fe8888

SHA1
74cd7fea5ada46514d506f5b351f2efac2fbad7f

SHA256
67adde9ce3ca7978cb7b17d8beda26974af9f3126446afe19719a94c2cd58cf3

SHA512
2debaf01d70614aa9b565511c6a28eb2cc91caace1b2ed89899fd1ec6271243635245adc98665bf8ed10cc71fdfe89fd3888d28671e4e0746921cbd1e21ae29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\nsProcessW.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\wdTrack.dll
Filesize
847KB

MD5
502c6765efb0ddaa1eac04b0d92603fa

SHA1
35a89f9e515df119895fc377f37e780cf8a3a21d

SHA256
eaa3998b986ab344d5da97676e3d74742f021b45d95eb1c0c1cdbb81d12cd4cb

SHA512
c49b9ad2edaba4878932de6092903a90d8a6dd98d67146ec689d6e0a89b31547215c01c3a7435b0286b624ed35a895d17f413c0bdc729126dc794e319f6e6a6a

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\System.dll
Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\UserInfo.dll
Filesize
4KB

MD5
a6f622a2f12ac10bca04e23deff5cada

SHA1
abf851b5ccfb64004e9b49718a467bd754545887

SHA256
b8fa7b9393fff910144768588c471ca7c9ec98a2b8b186b2172b8ba7a5279500

SHA512
35c8b0db179104e638f1b40f3f8038a41fdc327e112de5cb0dbb97cbf1dfa276fcf6400fcb46b88cb5ba233ca769becbdb4b4d40920adca831e3c0f38193c50f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\example.dll
Filesize
8.0MB

MD5
ae7b2e1060493290d5ad3f10c6fe8888

SHA1
74cd7fea5ada46514d506f5b351f2efac2fbad7f

SHA256
67adde9ce3ca7978cb7b17d8beda26974af9f3126446afe19719a94c2cd58cf3

SHA512
2debaf01d70614aa9b565511c6a28eb2cc91caace1b2ed89899fd1ec6271243635245adc98665bf8ed10cc71fdfe89fd3888d28671e4e0746921cbd1e21ae29f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\nsProcessW.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\wdTrack.dll
Filesize
847KB

MD5
502c6765efb0ddaa1eac04b0d92603fa

SHA1
35a89f9e515df119895fc377f37e780cf8a3a21d

SHA256
eaa3998b986ab344d5da97676e3d74742f021b45d95eb1c0c1cdbb81d12cd4cb

SHA512
c49b9ad2edaba4878932de6092903a90d8a6dd98d67146ec689d6e0a89b31547215c01c3a7435b0286b624ed35a895d17f413c0bdc729126dc794e319f6e6a6a

Download Submit