78a28b25b330513649439305a5d9293cb07fb796ad6521ef31f39a5453a549d8

Resubmissions

07-09-2023 14:45

230907-r45fysaf5s 10

07-09-2023 14:12

230907-rjbyxaad5s 10

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07-09-2023 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b1d7a498b1050d27f515245add3690ee79d41f64fa9a95242525c964fdd9221.exe
Size

5.6MB
MD5

d070b8fbecec7498f26708eaa6bd212e
SHA1

b23891129d167fa34a95f23bdd79e258624f6898
SHA256

9b1d7a498b1050d27f515245add3690ee79d41f64fa9a95242525c964fdd9221
SHA512

822c0d7490e038af0ae150dec85521397965c4fbcd2d8e7e2d9978ff4dcef01aedc6edf4b13157276a43f200e7baf5b0a10c08b9fb374087f89a32e37ccef332
SSDEEP

98304:3+e8BYplED9piatxNa4DrdR9B0//Dw7NfY4srGYToe/wnWO3HpcMkbvNoCKD76WM:3+e8BYpqD9pF1a4D56zw7NfcVwW6HKMO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2668	9b1d7a498b1050d27f515245add3690ee79d41f64fa9a95242525c964fdd9221.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2668	9b1d7a498b1050d27f515245add3690ee79d41f64fa9a95242525c964fdd9221.exe

C:\Users\Admin\AppData\Local\Temp\9b1d7a498b1050d27f515245add3690ee79d41f64fa9a95242525c964fdd9221.exe
"C:\Users\Admin\AppData\Local\Temp\9b1d7a498b1050d27f515245add3690ee79d41f64fa9a95242525c964fdd9221.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy7966.tmp\io.ini

Filesize
831B

MD5
756cffae52cf8e51201d3f3534dcec18

SHA1
60115fe727a95cd8db4a2454bf3fb4d68c97eef3

SHA256
d70b82c0ca30d24a5c09b27c455a17ebef62e785483558b63a9122fc766fb09e

SHA512
a3814c9758aa78cd355703f8e1855718828c945e246b3c2a4d69281c6993ef126e30d6f93aa05259a478dd3b3b25e616e770d4c753a235692501f76f290250b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7966.tmp\io.ini

Filesize
922B

MD5
d3086decf34a9b50a90804e16885ab91

SHA1
196df81317235c9de2fa02d38b8a1a2f2768a25d

SHA256
3ad06f59c464987cc3c1631333721d256527f5efbf091ee39e1305aa9d8a7dfc

SHA512
18036c3d1363ed37c4e72a7cc210ddf60180a05c2d45c7622108a7878163d0b6f78827c4949a13ed856d742196e855edc08996df1112161081b6f6b7ff727419

Download Submit
\Users\Admin\AppData\Local\Temp\nsy7966.tmp\InstallOptions.dll

Filesize
15KB

MD5
9a886711c559308c39c01c20e9d9a1e3

SHA1
0f27cf1cf6e4960e140651b68d72ed4b92c58e9e

SHA256
98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4

SHA512
4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3

Download Submit