ea4c82599115e233e4a57d5323f856798fdd25d6502a29d01fb606f9ab52241d

Analysis

max time kernel
138s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2023 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InformatycznyExpert-idc47pjxn9.exe
Size

19.1MB
MD5

ad2e90ee042cebc0389af7276b0ee355
SHA1

5f159991b301a6e9c9678e043f60ceee26f339b9
SHA256

ea4c82599115e233e4a57d5323f856798fdd25d6502a29d01fb606f9ab52241d
SHA512

7a3e035461a653515fc0af934e85bc1ecf9afcde9fda157b7265aeda4917bff5f0565ec3f2194f4b5ec041ec226b91a9071a7823b0598a382b2a0a4bfa1550d7
SSDEEP

393216:GZNXBB9LGufKmMyYp63EcGtObjyq5tDe1WTMAqbSoHZQM4/0YQHq0cqaP:Gn9LGuymMlp4EcTbn5tSqkSKQf0Y70y

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
228	InformatycznyExpert-idc47pjxn9.exe
228	InformatycznyExpert-idc47pjxn9.exe
228	InformatycznyExpert-idc47pjxn9.exe
228	InformatycznyExpert-idc47pjxn9.exe
228	InformatycznyExpert-idc47pjxn9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\InformatycznyExpert-idc47pjxn9.exe
"C:\Users\Admin\AppData\Local\Temp\InformatycznyExpert-idc47pjxn9.exe"
1⤵
- Loads dropped DLL
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstCE3F.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstCE3F.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstCE3F.tmp\TvGetVersion.dll

Filesize
224KB

MD5
28dd75648b11d97aec92d76d10823c46

SHA1
7e40fbec56f79d314c559e00017d88f198aee9ad

SHA256
7ac0bc0f4e451dc84ae5de58509e344d779cb3f3ebc139b838490ca6230e421d

SHA512
fe4e138315cc31b4847a7e11755631e78f9adc2742039ac2f72376236fbd39110eb6323e069e6cf18ad4dba6e52a0d810dbbdbd16bdc2470fb7d42053437d0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstCE3F.tmp\TvGetVersion.dll

Filesize
224KB

MD5
28dd75648b11d97aec92d76d10823c46

SHA1
7e40fbec56f79d314c559e00017d88f198aee9ad

SHA256
7ac0bc0f4e451dc84ae5de58509e344d779cb3f3ebc139b838490ca6230e421d

SHA512
fe4e138315cc31b4847a7e11755631e78f9adc2742039ac2f72376236fbd39110eb6323e069e6cf18ad4dba6e52a0d810dbbdbd16bdc2470fb7d42053437d0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstCE3F.tmp\TvGetVersion.dll

Filesize
224KB

MD5
28dd75648b11d97aec92d76d10823c46

SHA1
7e40fbec56f79d314c559e00017d88f198aee9ad

SHA256
7ac0bc0f4e451dc84ae5de58509e344d779cb3f3ebc139b838490ca6230e421d

SHA512
fe4e138315cc31b4847a7e11755631e78f9adc2742039ac2f72376236fbd39110eb6323e069e6cf18ad4dba6e52a0d810dbbdbd16bdc2470fb7d42053437d0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstCE3F.tmp\nsDialogs.dll

Filesize
9KB

MD5
d6c3dd680c6467d07d730255d0ee5d87

SHA1
57e7a1d142032652256291b8ed2703b3dc1dfa9b

SHA256
aedb5122c12037bcf5c79c2197d1474e759cf47c67c37cdb21cf27428854a55b

SHA512
c28613d6d91c1f1f7951116f114da1c49e5f4994c855e522930bb4a8bdd73f12cadf1c6dcb84fc8d9f983ec60a40ac39522d3f86695e17ec88da4bd91c7b6a51

Download Submit
memory/228-20-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/228-21-0x0000000006A90000-0x0000000006A96000-memory.dmp

Filesize
24KB

Download
memory/228-23-0x0000000006A90000-0x0000000006A96000-memory.dmp

Filesize
24KB

Download