aff6128a0503b189a4e19b791808f25a28ee8515fa00f57e6a97d6966336506d

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RealtekWLAN_2024.0.9.227.exe
Size

3.3MB
MD5

e68893f5a7db3e51c2799d444cf1e5ba
SHA1

a5796f3de6f49cbdcb5b27116f58943dc63cedf6
SHA256

aff6128a0503b189a4e19b791808f25a28ee8515fa00f57e6a97d6966336506d
SHA512

6408e8d61ea35a972f94b822a8d673c37617a8354b8b8fdd349cb79fd638adab2100693c9a4ada4978e769e84e85823fa75c3f0254e04680d597756757ff5f97
SSDEEP

49152:494nZgwCrlFucoUsRfCJUC5bRaf+pkirYWZGee+6DBEZXv0T9Feu7v+qAv4xzVMJ:49MXcoZSUC5bRjoK8T9FX+qS4xzVHlfy

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1824	RealtekWLAN_2024.0.9.227.exe
1824	RealtekWLAN_2024.0.9.227.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\RealtekWLAN_2024.0.9.227.exe
"C:\Users\Admin\AppData\Local\Temp\RealtekWLAN_2024.0.9.227.exe"
1⤵
- Loads dropped DLL
PID:1824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw704F.tmp\InstallOptions.dll

Filesize
15KB

MD5
c32e0fd4ae35ebe913d7bdff974ab7bb

SHA1
e8ea2c5b030d7438539d1de02a13eb8a01cc5b19

SHA256
c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3

SHA512
751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw704F.tmp\InstallOptions.dll

Filesize
15KB

MD5
c32e0fd4ae35ebe913d7bdff974ab7bb

SHA1
e8ea2c5b030d7438539d1de02a13eb8a01cc5b19

SHA256
c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3

SHA512
751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw704F.tmp\InstallOptions.dll

Filesize
15KB

MD5
c32e0fd4ae35ebe913d7bdff974ab7bb

SHA1
e8ea2c5b030d7438539d1de02a13eb8a01cc5b19

SHA256
c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3

SHA512
751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw704F.tmp\ioSpecial.ini

Filesize
1KB

MD5
5a40d4b0905bc69faa30a697ea1978ec

SHA1
974aea5c87262914c32c2d4e5e986a5e5884a979

SHA256
9ac8157a42765a911b2418cc34e79cfbb94d0978ceb29d062b054f4477e232e8

SHA512
d73ac3f9c6a81f2b48cabb5f291909e88a798c2e01ba09e697416697c0be2e439e7e72f2c4887938ed459996a8ca74010d51ad78fa227a6cf56ae030b80446a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw704F.tmp\ioSpecial.ini

Filesize
1KB

MD5
e6d9793ee1cd3ea7e51e366d26943a4f

SHA1
52137412d82b3b613821f3f91479f520f7b475ba

SHA256
e12039586a2d7912dffb9c659f98e09a899a7661025ab0a401f79216319fadbe

SHA512
34895f480600047d78cec3d0f687c08bc7b846f506fb2a53af2efe6d6afd386064997ae932a09a2e7392223879fc120bea5a031e6d932c0ffe771a09681d1ec9

Download Submit