712330857b1cba0ad8ab16cb8619eb8b5bd6e7f02ef07bc74e01e09634c92e9e

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20/08/2023, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81b24c3fdcdb636ae2b237dbea966023.exe
Size

72.9MB
MD5

81b24c3fdcdb636ae2b237dbea966023
SHA1

e8d123e4d836bdfc48dacef30437b97893cad231
SHA256

712330857b1cba0ad8ab16cb8619eb8b5bd6e7f02ef07bc74e01e09634c92e9e
SHA512

b04443168fd87796ddf087aa45f6d65034b12cda3630cba9e325eaf86439356c59e9434df126c7605857b76974f9a44ba1b46b4c6d30ed6689b6d2713caab9ab
SSDEEP

1572864:KvM+UHJRIdlwU0zAYRQpjz87A+QT8WzUZkikPnWVMc5g8Dhj5/50k6FbIH0:C4RIl05+87Ah/sOyMceM1WFbj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2808	Native Access Setup PC.exe

Loads dropped DLL 6 IoCs

pid	Process
2376	81b24c3fdcdb636ae2b237dbea966023.exe
2808	Native Access Setup PC.exe
2808	Native Access Setup PC.exe
2808	Native Access Setup PC.exe
2808	Native Access Setup PC.exe
2808	Native Access Setup PC.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Desktop\desktop.ini	Native Access Setup PC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2808	Native Access Setup PC.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2808	Native Access Setup PC.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2808	2376	81b24c3fdcdb636ae2b237dbea966023.exe	28
PID 2376 wrote to memory of 2808	2376	81b24c3fdcdb636ae2b237dbea966023.exe	28
PID 2376 wrote to memory of 2808	2376	81b24c3fdcdb636ae2b237dbea966023.exe	28
PID 2376 wrote to memory of 2808	2376	81b24c3fdcdb636ae2b237dbea966023.exe	28
PID 2376 wrote to memory of 2808	2376	81b24c3fdcdb636ae2b237dbea966023.exe	28
PID 2376 wrote to memory of 2808	2376	81b24c3fdcdb636ae2b237dbea966023.exe	28
PID 2376 wrote to memory of 2808	2376	81b24c3fdcdb636ae2b237dbea966023.exe	28

C:\Users\Admin\AppData\Local\Temp\81b24c3fdcdb636ae2b237dbea966023.exe
"C:\Users\Admin\AppData\Local\Temp\81b24c3fdcdb636ae2b237dbea966023.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\Native Access Setup PC.exe
  ".\Native Access Setup PC.exe" /m="C:\Users\Admin\AppData\Local\Temp\81B24C~1.EXE" /k=""
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops desktop.ini file(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mia1\EULA_Native Instruments_deutsch.rtf

Filesize
80KB

MD5
83ac56627f98af42c6308a2855dc084a

SHA1
575c11204e10114d6ea183cab84d1fb205c3c837

SHA256
7366afba622abc7cb9b0487549897b6e898f197272b6aee4f94c306d6d79ce89

SHA512
de3661c59e614a44b37bd6fa4c5280a712ea98624d351df11a1ee2c631eb6a2abee3dd273eb84cf22df41b6e865ca24604e30900aa7cebc1eb95b834ef5d5662

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia1\Native Access Setup PC.msi

Filesize
596KB

MD5
4cd89dd6b17c0885e77fe61b48ff42fc

SHA1
ac639ec725d191441206a0ae1b76ce1a206310e8

SHA256
083ffb8933befea7e6a0d0029f443795214c0243e36bb0238778ab9850645366

SHA512
5af47cc7f8485d71de14863fea8b1c8f3e497c4ed71d4c2b9579d3d40b7095cbebd9bf142a93784c2da5a834986bf859d67b478d74c58ae39e1b3fcccb7a8e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia1\progressprereq.dfm.miaf

Filesize
286B

MD5
ac4fe3772db8afa7f463db498d5b4f76

SHA1
00ddc9b37c07ee82384b9835812cc13e0a153f29

SHA256
bc65b119db59347f377d3a8d2e93c5bd411d2928e172446971d4f7350afacad3

SHA512
e7da018c5431f588096e83620df60a83333ea333555f93a1029acee05f5b13f219de5cb634edb56144e168b0b970637e3c544223d09b97438d501120310a6594

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\Native Access Setup PC.exe

Filesize
4.2MB

MD5
ffef7b450f3d7f578826dd08be2b730b

SHA1
f0dc1b1bb9fc981f95be1f98f299f9c929791046

SHA256
e860fb96b955ac5ef9bd5620e328556c2c308fbb56982187df4a39766a4474bc

SHA512
18a05862ded0a0a1cceb1474ec82e19d48bbb0488f5c8be19bdd26a568fac5cfcadf605579d4f0a66a0deb9f4aa3f230f79526d8bca90aa1fd963b87a69145da

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\Native Access Setup PC.exe

Filesize
4.2MB

MD5
ffef7b450f3d7f578826dd08be2b730b

SHA1
f0dc1b1bb9fc981f95be1f98f299f9c929791046

SHA256
e860fb96b955ac5ef9bd5620e328556c2c308fbb56982187df4a39766a4474bc

SHA512
18a05862ded0a0a1cceb1474ec82e19d48bbb0488f5c8be19bdd26a568fac5cfcadf605579d4f0a66a0deb9f4aa3f230f79526d8bca90aa1fd963b87a69145da

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\Native Access Setup PC.msi

Filesize
596KB

MD5
4cd89dd6b17c0885e77fe61b48ff42fc

SHA1
ac639ec725d191441206a0ae1b76ce1a206310e8

SHA256
083ffb8933befea7e6a0d0029f443795214c0243e36bb0238778ab9850645366

SHA512
5af47cc7f8485d71de14863fea8b1c8f3e497c4ed71d4c2b9579d3d40b7095cbebd9bf142a93784c2da5a834986bf859d67b478d74c58ae39e1b3fcccb7a8e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\Native Access Setup PC.res

Filesize
10.9MB

MD5
ef1a8dc148425f935fd80e7aefa1a72f

SHA1
8b8976b551dbf782445237dd0abaa33f39fc9300

SHA256
97be5203d1a7980de1112fa82af70a4b6cbf693410336a58b44d423ca0de3c8e

SHA512
3805614eeeb0d5319f59d2f273ec5ca4b18a4a76949017272db7350b91703e0fd78e442edc19c66caf5b4412d38da504b348a648c2b2b45093d765e5e27131ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\data\OFFLINE\E043EA3E\D998B584\PaneSpecifics.qml

Filesize
2KB

MD5
c24d49381cf8b3e6098fda1c27527e56

SHA1
4c78067e28c7fc742c52461585edf9113483e5d0

SHA256
b3ba820ff86bf5ede7116543342393ab2279c2deb37c23ce3d240a1f114f16ef

SHA512
89022c8518525601024b6c63ca425fae6f0010d1a167ff7eef6b7526f6ac634c856811b43d18e0555821f1286895a44f1d7dba6fc26ab58a50e15fe1fff64308

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\data\OFFLINE\E043EA3E\D998B584\RadioDelegateSpecifics.qml

Filesize
2KB

MD5
df7e32b0e18bd35fa8453cb1263886b9

SHA1
f4336c9380a7fbee4dfbc17c545b409364f7f8b3

SHA256
8207c603c9de51d9954302dd9df559a1df70e0a9658af62637229b5a2437eec3

SHA512
21d4e9b1d71c5ea9c7c66e5bacead5d4857ac109f7452d81c6d793f8843dd1d6f9194011e41259cdb9e3faecc04675a1433a2dfcbf0b758ff97cbd068fd95732

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\data\OFFLINE\E043EA3E\D998B584\StackViewSpecifics.qml

Filesize
2KB

MD5
b450eba19443a3df0571977ceaf495d8

SHA1
b35b0c22629222f33bda33156c178af505808906

SHA256
34f14e5b36de01740dc8a7c571ff8ce65bceb7fc4c26f906e10c08773b644ae6

SHA512
cd145a9fa4ecddc55f133a64fd693eadf2ce3c22af599585e9b0b350827ae9309f9345c79756da2f0ca9230b62085863924b5af4d9417dfbf5c30f124c3354dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\data\OFFLINE\E043EA3E\D998B584\SwitchSpecifics.qml

Filesize
2KB

MD5
95806d0bfadf617cdb91b9baacab5429

SHA1
2102999ec25be88f138ea7c8fbf2a1bf4454c766

SHA256
07911dff4b3128de29fb83223a78878f9e972f35a596429861c7ea7956923b2d

SHA512
00d3b1dd1d764859249a5997ec4b2ec68fdf7c245a3ad4276a81370b2f43090f41d32de48d94307703436e661ebaf64ff96332f109b0e611b74521f28c8f8004

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\data\OFFLINE\E043EA3E\D998B584\ToolButtonSpecifics.qml

Filesize
2KB

MD5
920c6a6b84d14e1995291b8177a1141c

SHA1
c9ab88cc4c09efbbba25b63a70479d3159a837be

SHA256
9cd02378488e8ddc891cbc1e7718be197088a628d07100ed2d676b958f57b81e

SHA512
1fc8193ca7fbbfd005a4d8169535789086460f4f2272086fe44da7c9e793f9e4b056a5f7d9bbb25bd818dc56a7fd96864f6eb8abb244e5c27644fc8d9ba04c22

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\data\OFFLINE\EEAA28BB\4ADBBACC\Native Access.exe

Filesize
22.2MB

MD5
b9e467c636350ef3387382c2b546f436

SHA1
5a34a23f352a0ef91069442636fdbf59662b7ba7

SHA256
7e3df5b4d61a06b1300bf662c8dff703d2e926227a70ec944d714e0a92ef67ea

SHA512
c78dda2695fae18809a3b87097b401aede84e3bd943c55e2aa1602253548dd5fc7469017f45a50c0c58fc3df8f31fdeea8ce9854c2e3456461f0a6b976b2946a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\data\OFFLINE\mIDEFunc.dll\mEXEFunc.dll

Filesize
99KB

MD5
b491a4eba59ab39c7705089523d0f0e0

SHA1
b0c266593160edc50bb49b6bd7a45a96d104c0d8

SHA256
a3d8bc6a70307e29ed11b05d5b52c1b3d5c2640f85dfc7f67e4e38f6cdacabed

SHA512
9ae066492a17d402dc21349d228866332e3a37bbfe29f38eb5aa0bdb6dbed925f21b51d4d4ddfe30b26c936f27f73aa9a58544c9781b4b11d2eae25d201c6158

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia76A6.tmp\mia.lib

Filesize
565KB

MD5
e6c930ab2d929ce6ac088799b57ae430

SHA1
8d1628b4f816dc93b8f843e7a28d760ad0edccc6

SHA256
d3125717c7f99cee05045995d10f2986f9a2608ffdedfb29b34b472f3f36f952

SHA512
a3d082674d9a4314bdae8e9ac429bd22030bc7ff69c695afd53ba9a785c7a5ff44fd7599278bb0422378b0aae3102d652f2cc03574285729196078f2717bae4f

Download Submit
\Users\Admin\AppData\Local\Temp\mia1\mEXEFunc.dll

Filesize
99KB

MD5
b491a4eba59ab39c7705089523d0f0e0

SHA1
b0c266593160edc50bb49b6bd7a45a96d104c0d8

SHA256
a3d8bc6a70307e29ed11b05d5b52c1b3d5c2640f85dfc7f67e4e38f6cdacabed

SHA512
9ae066492a17d402dc21349d228866332e3a37bbfe29f38eb5aa0bdb6dbed925f21b51d4d4ddfe30b26c936f27f73aa9a58544c9781b4b11d2eae25d201c6158

Download Submit
\Users\Admin\AppData\Local\Temp\mia1\mEXEFunc.dll

Filesize
99KB

MD5
b491a4eba59ab39c7705089523d0f0e0

SHA1
b0c266593160edc50bb49b6bd7a45a96d104c0d8

SHA256
a3d8bc6a70307e29ed11b05d5b52c1b3d5c2640f85dfc7f67e4e38f6cdacabed

SHA512
9ae066492a17d402dc21349d228866332e3a37bbfe29f38eb5aa0bdb6dbed925f21b51d4d4ddfe30b26c936f27f73aa9a58544c9781b4b11d2eae25d201c6158

Download Submit
\Users\Admin\AppData\Local\Temp\mia1\mEXEFunc.dll

Filesize
99KB

MD5
b491a4eba59ab39c7705089523d0f0e0

SHA1
b0c266593160edc50bb49b6bd7a45a96d104c0d8

SHA256
a3d8bc6a70307e29ed11b05d5b52c1b3d5c2640f85dfc7f67e4e38f6cdacabed

SHA512
9ae066492a17d402dc21349d228866332e3a37bbfe29f38eb5aa0bdb6dbed925f21b51d4d4ddfe30b26c936f27f73aa9a58544c9781b4b11d2eae25d201c6158

Download Submit
\Users\Admin\AppData\Local\Temp\mia1\mEXEFunc.dll

Filesize
99KB

MD5
b491a4eba59ab39c7705089523d0f0e0

SHA1
b0c266593160edc50bb49b6bd7a45a96d104c0d8

SHA256
a3d8bc6a70307e29ed11b05d5b52c1b3d5c2640f85dfc7f67e4e38f6cdacabed

SHA512
9ae066492a17d402dc21349d228866332e3a37bbfe29f38eb5aa0bdb6dbed925f21b51d4d4ddfe30b26c936f27f73aa9a58544c9781b4b11d2eae25d201c6158

Download Submit
\Users\Admin\AppData\Local\Temp\mia76A6.tmp\Native Access Setup PC.exe

Filesize
4.2MB

MD5
ffef7b450f3d7f578826dd08be2b730b

SHA1
f0dc1b1bb9fc981f95be1f98f299f9c929791046

SHA256
e860fb96b955ac5ef9bd5620e328556c2c308fbb56982187df4a39766a4474bc

SHA512
18a05862ded0a0a1cceb1474ec82e19d48bbb0488f5c8be19bdd26a568fac5cfcadf605579d4f0a66a0deb9f4aa3f230f79526d8bca90aa1fd963b87a69145da

Download Submit
\Users\Admin\AppData\Local\Temp\mia76A6.tmp\mia.lib

Filesize
565KB

MD5
e6c930ab2d929ce6ac088799b57ae430

SHA1
8d1628b4f816dc93b8f843e7a28d760ad0edccc6

SHA256
d3125717c7f99cee05045995d10f2986f9a2608ffdedfb29b34b472f3f36f952

SHA512
a3d082674d9a4314bdae8e9ac429bd22030bc7ff69c695afd53ba9a785c7a5ff44fd7599278bb0422378b0aae3102d652f2cc03574285729196078f2717bae4f

Download Submit
memory/2808-2848-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2808-2986-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2808-2987-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2808-2990-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download