80a4598c16131f1924bb39b859625f5c38a6672030a6dffb67fa744ab552172d

Analysis

max time kernel
150s
max time network
34s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe
Size

789KB
MD5

5bc2e7a89e09b584279c504f8884e9c8
SHA1

90178ec8240e332eb3c66b5a02b68fd13553ca6a
SHA256

ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92
SHA512

0b3dce05dffc0ea9dd066e7cbc320026ef83149fb5a2501d18a2d0288d01261bdc95966cdafc4bbaca932d9449c79fc46aa19164848519d3905662f829bc382b
SSDEEP

12288:nEExihnPg8v3/SioO0sBgWopQtgyM3ooZT1xOT6WQgpSOzK84YBn4CZL8Ko:EExynPRv3/XxK9yMTF1xQLdaYDl5o

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2364	ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Stipulerende.Tro	ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Uforsvarligheden\Delimiting\Egos.ini	ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Fonts\Pieceworker\Overflodssamfundenes.ini	ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe
File opened for modification	C:\Windows\resources\Supervitality54\Harmoniseringens\Desavousbr.Che	ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe
File opened for modification	C:\Windows\resources\Ata.Aur216	ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe
File created	C:\Windows\resources\Antirationalist\Adaptional\Posits.lnk	ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe
"C:\Users\Admin\AppData\Local\Temp\ad320f0cd9d54c0e0f86320f7f3744100a89cad81c79e7280ff42667bc56ba92.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Skolekkkenet.lnk

Filesize
1KB

MD5
b8f4cc18af84340ab35c25178cf0fa43

SHA1
74989173ccbc74e007bda7ce389c6b569aa0bae5

SHA256
7e4d35e1ccfefdc826e2bf70b10819f2a68b60e5d99a5ee1aa1e6b2d791992ba

SHA512
7619dd1288ac11ed0037221aa0b6e14eb246e2f21344d119c2097cad501747788b45f46e9aae1771e76d560bd3d06521040052f25a217632ff783de2230cb766

Download Submit
\Users\Admin\AppData\Local\Temp\nse2188.tmp\System.dll

Filesize
11KB

MD5
fccff8cb7a1067e23fd2e2b63971a8e1

SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91

SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

Download Submit