Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-09-2023 02:38

General

  • Target

    140c89b38ac50f29b541457ba85bb770a83564af0d1b00002f4d275eaa1323ab.exe

  • Size

    14.9MB

  • MD5

    d40c752be4be6f6f39f98c722003e300

  • SHA1

    8e173fb3f24d9ac088e8132c4a206cbdb6bce17a

  • SHA256

    140c89b38ac50f29b541457ba85bb770a83564af0d1b00002f4d275eaa1323ab

  • SHA512

    6932ab4ac2176fca3b273bab977c2a12740043d32d1d58de6cd68d323fa9427f385c99dcb4a3310fb55666bc68f00e3d35646034bd2811e3ad347d1ac6778c24

  • SSDEEP

    393216:r9ZmNHw+UksicTaVZ+9S435/VXDmwsWwZk:IxsicG+9S4/CwIZk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\140c89b38ac50f29b541457ba85bb770a83564af0d1b00002f4d275eaa1323ab.exe
    "C:\Users\Admin\AppData\Local\Temp\140c89b38ac50f29b541457ba85bb770a83564af0d1b00002f4d275eaa1323ab.exe"
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsh65FF.tmp\ButtonEvent.dll

    Filesize

    5KB

    MD5

    b49d6564c3897f96e2750aae764f7b47

    SHA1

    d4d5a4c7ddb8fb17496206364bfd84d0db69d28f

    SHA256

    31b5a8dc9026d871db07ecfb542869db1fd8ade38c6424dfe32edfe6c13473ff

    SHA512

    cdfbd8826ed88af3beeb60b6fb850382b700bd7f908c0947fa14719173efadd227f908aa160263d6cf028db1c26a47ff1673b106281b82b77712e6f919553396

  • C:\Users\Admin\AppData\Local\Temp\nsh65FF.tmp\System.dll

    Filesize

    12KB

    MD5

    8ebaa07760345c92c19db6662c2dfb7d

    SHA1

    25f981b561bbf267c35c8a4d761fb90209913bb7

    SHA256

    82d6235ad68a124bb1ce7bd9575011e089ffa9e0634c88b46c0d9a32834e459f

    SHA512

    31e9e0927b000a7512091dce7ea6b6ea1f813de89aead95dfa97086733ed9a6d2093a029a0a3323aa47a64a79a1edc762099e66070c7f9939e681eb072a781e3

  • C:\Users\Admin\AppData\Local\Temp\nsh65FF.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    55e14a574a8a4fc26cb19ba400d69cd0

    SHA1

    b729aa39c49c53637c0b298b16d2a65e5939a450

    SHA256

    d8f580613c63daa9a2bea73c508a147bd36e9d77c5ed6f1e5dd12d07fa302484

    SHA512

    dc8cba045d913975822d6303137011ec5b345538604da99dc1d86751df468c5fb32d1baa000d34d29a089c334c56131a24b51c469670505be2462e6eb6a41e7a

  • C:\Users\Admin\AppData\Local\Temp\nsh65FF.tmp\nsProcess.dll

    Filesize

    5KB

    MD5

    1893074522a853f68805a1b99a6ed91b

    SHA1

    cf0ddafeb6f3b5ef496ba03d2d170fbd796aecea

    SHA256

    cd85f428b4eac6c766b95491cc44959d47d3ba578f37cf402a8d5d5d8e2a00c3

    SHA512

    7779b3b64d9cc16b576bf3a3513b43620efdd72351e451c7a70c5c0728592300b6adfc24d6efbc4f3107834a14b9de424e1478d9d69b22bbbaea9d53ec3d6f43