Overview

overview

7

Static

static

1

tmp.exe

windows7-x64

7

tmp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-07-2023 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    502KB

  • MD5

    614ef8a46ff7b0f353b6ce2540c30d8e

  • SHA1

    66a6643ee7961e6785350e166e9d44ef0ee637c1

  • SHA256

    fc423870796dff42517d1695ac87a45b54e52f18a76184ea31f64ec778f80348

  • SHA512

    8462dd8f937fc048126dbc4d112ff9301655837b764561c0cc6b845cf71f25909c14ee6e88d9d95c388ea8edd7c384ab0886456336deaa8d606411b639dfab9d

  • SSDEEP

    12288:RcXBjshx9i0l9xWTKXH34GzOCAmYNdCi3aEAg0f0BpvmcUlxMUJ:RSBjaMGv3zOCaRsgkCuPIG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:2800
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    PID:3684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsl618B.tmp\System.dll
    Filesize

    11KB

    MD5

    17ed1c86bd67e78ade4712be48a7d2bd

    SHA1

    1cc9fe86d6d6030b4dae45ecddce5907991c01a0

    SHA256

    bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

    SHA512

    0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsuB12F.tmp
    Filesize

    14KB

    MD5

    c01eaa0bdcd7c30a42bbb35a9acbf574

    SHA1

    0aee3e1b873e41d040f1991819d0027b6cc68f54

    SHA256

    32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

    SHA512

    d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
    Filesize

    29KB

    MD5

    916847d5695c57d6fb9da567039ad94f

    SHA1

    d23f0f19382efaa24aec1e78389427564cc58d71

    SHA256

    e7eec9b94e0d2f982ea2759ba127a9731f0e1f11d1c0e4b0b6a0f428f8837ae3

    SHA512

    ccf4b60a7df33901731e3622191df1deb9d8b9fff544e30ef022c38bedf1ea7ad081f6fb6cfc603efcc95fe58c1bb259f806b9c10a13561f85f257d4b0571318

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
    Filesize

    29KB

    MD5

    e320b81183ce3e805939a7744eae0391

    SHA1

    4fbcce6344d8b04c24b8570e72005a5aaee24039

    SHA256

    157c6be29fabcb436440509010117d24213d3701f86ab4abb2262721b2f9c74d

    SHA512

    834076d571b93f4a4b75fd07b8cbdd84151b408ea690e17f6ffcbae46fa665db6064c91811cea2115b16c4c39f7293e2138a842a7f7c51d178512d9710275c11

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
    Filesize

    29KB

    MD5

    33cdb30c9b2b3053a484f197efb3823d

    SHA1

    fe804bc569664007c2cedc14676b90db966e7c20

    SHA256

    babb786b2223c3298c2ec561816601079419c048f47d8f4f1e9bb7460d7ae014

    SHA512

    1330e85e47aed0dcff608aa1fec69b334cfc165156c216c32d2ceed9e0b647a4549cd98164a49edc68009e981a272e39187b3e1eec92daf76547425653849155

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
    Filesize

    29KB

    MD5

    3d489cfadf9e55970d4b65518cf64ac9

    SHA1

    28c0552f63382864ba9429069f03582d47b1d28b

    SHA256

    a4d7e838d0f212d7bb2c05e601c9a2360c1b899e508bffb382dce8827446c2cf

    SHA512

    163397742fcae606c566e1ed8e9defb5757cd1e92993ef84aab6ec802e63b7f68282184cc41723ca5c05d5b444ebf256ea720fa3e938abf7e2899da2885ec5f6

    Download Submit

  • memory/2800-139-0x0000000004A20000-0x0000000005EEC000-memory.dmp

    Filesize

    20.8MB

    Download

  • memory/2800-141-0x0000000004A20000-0x0000000005EEC000-memory.dmp

    Filesize

    20.8MB

    Download