aff6128a0503b189a4e19b791808f25a28ee8515fa00f57e6a97d6966336506d

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/07/2023, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RealtekWLAN_2024.0.9.227.exe
Size

3.3MB
MD5

e68893f5a7db3e51c2799d444cf1e5ba
SHA1

a5796f3de6f49cbdcb5b27116f58943dc63cedf6
SHA256

aff6128a0503b189a4e19b791808f25a28ee8515fa00f57e6a97d6966336506d
SHA512

6408e8d61ea35a972f94b822a8d673c37617a8354b8b8fdd349cb79fd638adab2100693c9a4ada4978e769e84e85823fa75c3f0254e04680d597756757ff5f97
SSDEEP

49152:494nZgwCrlFucoUsRfCJUC5bRaf+pkirYWZGee+6DBEZXv0T9Feu7v+qAv4xzVMJ:49MXcoZSUC5bRjoK8T9FX+qS4xzVHlfy

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2284	RealtekWLAN_2024.0.9.227.exe
2284	RealtekWLAN_2024.0.9.227.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2284	RealtekWLAN_2024.0.9.227.exe

C:\Users\Admin\AppData\Local\Temp\RealtekWLAN_2024.0.9.227.exe
"C:\Users\Admin\AppData\Local\Temp\RealtekWLAN_2024.0.9.227.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2284

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsj7908.tmp\InstallOptions.dll

Filesize
15KB

MD5
c32e0fd4ae35ebe913d7bdff974ab7bb

SHA1
e8ea2c5b030d7438539d1de02a13eb8a01cc5b19

SHA256
c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3

SHA512
751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7908.tmp\ioSpecial.ini

Filesize
1KB

MD5
796d63d190b368a710c3ef2b494a64e4

SHA1
f50df630e358122a8a33e9d5832b38f41e8fc2c2

SHA256
a1ffce031240265cbdbe0b81945b40637f4cd0b20608c19b74ddeb1da3b6b346

SHA512
bb5d93f1934b6dc9b4c655431b3488477467e1b8bba86ffcbcce643ed0b0ae47531944bb53f932913e3ff713007b2b6ec9877ec957aaa8cc7de9b011331190d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7908.tmp\ioSpecial.ini

Filesize
1KB

MD5
8e67a7323549210c2e6250e6cfa642e1

SHA1
33b80e2d254aaff8c93eb052709a60109a2b8dce

SHA256
8a343f1d1e54f649ae75c63d797292f7821f82dd9af46346498b26112290cf32

SHA512
fc35d42deb313e40281b9081d196cd078372ce49f303c0ad2e9cf982dc150e037a4bec875b47aadb9830b0863cecfb7e5c4a747b0ec4b0ca9584dc2f83b202ef

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7908.tmp\InstallOptions.dll

Filesize
15KB

MD5
c32e0fd4ae35ebe913d7bdff974ab7bb

SHA1
e8ea2c5b030d7438539d1de02a13eb8a01cc5b19

SHA256
c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3

SHA512
751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7908.tmp\InstallOptions.dll

Filesize
15KB

MD5
c32e0fd4ae35ebe913d7bdff974ab7bb

SHA1
e8ea2c5b030d7438539d1de02a13eb8a01cc5b19

SHA256
c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3

SHA512
751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44

Download Submit