85156b6391d646dfd0a9e8fbfba5bf234e1f629c78f0844034330a862fd77c1c

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-09-2023 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

046d-uipak_x32 (1).exe
Size

312KB
MD5

391d2487595ef8e8368b9271abc76799
SHA1

bfa7d96b893ca7fea349ba8d01a4f6ac17fbd968
SHA256

85156b6391d646dfd0a9e8fbfba5bf234e1f629c78f0844034330a862fd77c1c
SHA512

ebc133e44f16bcb40046ded9539c0adb168c37a0e9f4865735bfd38a3a02d853fd6e5a38b59cd45fc48ae31e5cb879142f981d67a07b84591aa74e4cc81bbe2e
SSDEEP

6144:tzZZxgKlrEf08BCxkA6IGfA9TlM432wa7AfNgm2/xqHTi0zY108OiI:tzZz3wf0YWkIGoBMJ5QN3neVO/

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

Processes:

046d-uipak_x32 (1).exe

pid process

1956 046d-uipak_x32 (1).exe
1956 046d-uipak_x32 (1).exe
1956 046d-uipak_x32 (1).exe
1956 046d-uipak_x32 (1).exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1956	046d-uipak_x32 (1).exe
1956	046d-uipak_x32 (1).exe
1956	046d-uipak_x32 (1).exe
1956	046d-uipak_x32 (1).exe

C:\Users\Admin\AppData\Local\Temp\046d-uipak_x32 (1).exe
"C:\Users\Admin\AppData\Local\Temp\046d-uipak_x32 (1).exe"
1⤵
- Loads dropped DLL
PID:1956

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LogiUI\Pak\lang\enu\layout.css

Filesize
3KB

MD5
43146a18ed8c6b0bc5e2810ad6327c53

SHA1
c101d0c444150cb46d0265ff4bfc066b5699b781

SHA256
8224ba90f40f9f9dd4651dd6237215b4db19f273f94cbbaecf2a2828aac3be64

SHA512
dfd834505305aafdc8141ae20225846ca6ef2e914de7a5a3d5ac5efbc3d20dab9fa545ddc5b9ccc0d1e1bc869570dc9bdbc2ddf093eed519ae8a86f3ef428ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\LangDLL.dll

Filesize
5KB

MD5
8e806ea2e205dc508a2fb5adda3419db

SHA1
21beab4e309b139fdcca7dd708df8dbbfd2dd5a3

SHA256
86a55734b8802051bbbd0e8c9c506d0ca985bc5c99113e99b309469046133937

SHA512
6b362bdadd6801ceb6106485015a4ae6d227dc04c1397a730ac8fd44b00649876ee7cbd0d7690b41dcaa8451c94e9f5838daa9fbc21f7306740de89667468cc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\StartMenu.dll

Filesize
7KB

MD5
5ce52c5c52c7ece604cb5b07faf234df

SHA1
ab244b4a8caa29ecb24477d1cc1dd8484371176b

SHA256
96ac4ef189260d5d6137c27c9470afbbde382f771fef040e9a6fa3f0ca2e4ecc

SHA512
c42ec0d29350aa59cd783fdad542cd6dfcd983266726c1d45e7bdfcfa9a4302b2119b5081f987d967ec7a99b3b195717da3e839c9c9b8a34aeb38ca0e0d62262

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\System.dll

Filesize
11KB

MD5
b9f430f71c7144d8ff4ab94be2785aa6

SHA1
c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

SHA256
b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

SHA512
c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\nsDialogs.dll

Filesize
9KB

MD5
7823fc560926dcd8741de6f0b900083f

SHA1
93dc0a704bc0b8f90668548e36daf459be0ae10a

SHA256
ca869d6c6752aa4a8a6c874a694b543442992d7e854d0c48a1b60bca01a8c8c6

SHA512
c79509cd306638ea9badec64ed9f7d0690e46fcab7ac77f25134065b628e76d2812f2d874ea2cc4283685c567b613a39d27b9fc4a6de2d4b9d30131f3161c4e9

Download Submit
\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\LangDLL.dll

Filesize
5KB

MD5
8e806ea2e205dc508a2fb5adda3419db

SHA1
21beab4e309b139fdcca7dd708df8dbbfd2dd5a3

SHA256
86a55734b8802051bbbd0e8c9c506d0ca985bc5c99113e99b309469046133937

SHA512
6b362bdadd6801ceb6106485015a4ae6d227dc04c1397a730ac8fd44b00649876ee7cbd0d7690b41dcaa8451c94e9f5838daa9fbc21f7306740de89667468cc1

Download Submit
\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\StartMenu.dll

Filesize
7KB

MD5
5ce52c5c52c7ece604cb5b07faf234df

SHA1
ab244b4a8caa29ecb24477d1cc1dd8484371176b

SHA256
96ac4ef189260d5d6137c27c9470afbbde382f771fef040e9a6fa3f0ca2e4ecc

SHA512
c42ec0d29350aa59cd783fdad542cd6dfcd983266726c1d45e7bdfcfa9a4302b2119b5081f987d967ec7a99b3b195717da3e839c9c9b8a34aeb38ca0e0d62262

Download Submit
\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\System.dll

Filesize
11KB

MD5
b9f430f71c7144d8ff4ab94be2785aa6

SHA1
c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

SHA256
b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

SHA512
c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

Download Submit
\Users\Admin\AppData\Local\Temp\nst5EC4.tmp\nsDialogs.dll

Filesize
9KB

MD5
7823fc560926dcd8741de6f0b900083f

SHA1
93dc0a704bc0b8f90668548e36daf459be0ae10a

SHA256
ca869d6c6752aa4a8a6c874a694b543442992d7e854d0c48a1b60bca01a8c8c6

SHA512
c79509cd306638ea9badec64ed9f7d0690e46fcab7ac77f25134065b628e76d2812f2d874ea2cc4283685c567b613a39d27b9fc4a6de2d4b9d30131f3161c4e9

Download Submit