88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc

Analysis

max time kernel
61s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2023 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc.exe
Size

150KB
MD5

6cd925574655ceeb750b8c947deafdda
SHA1

db06d6768b00efbd84dbcadcb47c08607e7f1312
SHA256

88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc
SHA512

a91d7d354ec7d910fc90fcfd9d6f53317e2cbd03211f53f4c6a4d9364c5405b70ca45ac2516298209416d7b795b546450207d0e36fbd3478aae0bb845c576a49
SSDEEP

3072:EAe+3aJpgWXTBuWbcqG5GAbKqiNMeAmVngg24ihVmY8uYj7AdV+44MI:XB+pgUzcq6AqKPs4ihWrMz4x

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1624	88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Arbejdstageres.Can	88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc.exe
"C:\Users\Admin\AppData\Local\Temp\88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:1624
- C:\Users\Admin\AppData\Local\Temp\88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc.exe
  "C:\Users\Admin\AppData\Local\Temp\88d7e83b74f2a3c04658ae1e33977affa625a748b776b36a742ab73281d414bc.exe"
  2⤵
  PID:2652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsq47B4.tmp\System.dll

Filesize
11KB

MD5
a4dd044bcd94e9b3370ccf095b31f896

SHA1
17c78201323ab2095bc53184aa8267c9187d5173

SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

Download Submit
memory/2652-139-0x0000000000400000-0x0000000001654000-memory.dmp

Filesize
18.3MB

Download
memory/2652-149-0x0000000000400000-0x0000000001654000-memory.dmp

Filesize
18.3MB

Download