b63b221bcc555071319231e9b260e5c7f13a4e9c9387be40082505cbc254cdec

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2023 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nlsdl.amd64.exe
Size

617KB
MD5

c756d1fe4a123e7cc95f88dc2548d388
SHA1

38225fff9e79e1293eda889893fecefb6f6bc4c1
SHA256

b63b221bcc555071319231e9b260e5c7f13a4e9c9387be40082505cbc254cdec
SHA512

6699caed3dc28278f5b6168b98db95fd12338787900892495a780faa604aa1d2f3c8611f75b847fb8b66439be4f54d762f880d12c7950305f5f31d64142b9aae
SSDEEP

12288:fTs85BBQFa0XcQjnjy+YASrq8fZxM8uH903P62FF8KH/gsI2:fQ8PBua0XzjyZZxM8u0NFj/XI2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	update.exe

Loads dropped DLL 2 IoCs

pid	Process
2900	update.exe
2900	update.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\setupapi.log	update.exe
File opened for modification	\??\c:\windows\NLSDownlevelMapping.log	update.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 2900	964	nlsdl.amd64.exe	85
PID 964 wrote to memory of 2900	964	nlsdl.amd64.exe	85

C:\Users\Admin\AppData\Local\Temp\nlsdl.amd64.exe
"C:\Users\Admin\AppData\Local\Temp\nlsdl.amd64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:964
- \??\f:\8827d196cd318f7843\update\update.exe
  f:\8827d196cd318f7843\update\update.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

F:\8827d196cd318f7843\update\update.exe

Filesize
946KB

MD5
4df0fb62873f937b453680fd204c2a70

SHA1
2207b8aafe93d43aa5fda0ff31d11609cecd8ad1

SHA256
b7896d8f0e24ac12c031211b2845a73e1380968eb090c932f622c127b65e86b9

SHA512
63a206c8cd9bad867081a85026acbb4740a6f3945b53d67348ba68d4f06774426cca89079570d7733f6a6aa9184758c89a5ac1847aa420c1b7c1b06de819af5f

Download Submit
F:\8827d196cd318f7843\update\updspapi.dll

Filesize
451KB

MD5
59b5bae540e021de17880e4bde817554

SHA1
ac321f865076d4f5f1074666b3a704b5003d246c

SHA256
4c90d40c3303be5f7ab50ff68ce7ec14d37e7afd8a30d6db10b5d2fc3bb3dd17

SHA512
b722b1dfc39461451b5417c04515abe1393f4548398b1df08ecf43ffdb38b8a89e1fe12f7125c25e710b7e7b1f99293c477573189be5f4e9a24042e563a5a4e4

Download Submit
F:\8827d196cd318f7843\update\updspapi.dll

Filesize
451KB

MD5
59b5bae540e021de17880e4bde817554

SHA1
ac321f865076d4f5f1074666b3a704b5003d246c

SHA256
4c90d40c3303be5f7ab50ff68ce7ec14d37e7afd8a30d6db10b5d2fc3bb3dd17

SHA512
b722b1dfc39461451b5417c04515abe1393f4548398b1df08ecf43ffdb38b8a89e1fe12f7125c25e710b7e7b1f99293c477573189be5f4e9a24042e563a5a4e4

Download Submit
\??\f:\8827d196cd318f7843\update\UPDSPAPI.dll

Filesize
451KB

MD5
59b5bae540e021de17880e4bde817554

SHA1
ac321f865076d4f5f1074666b3a704b5003d246c

SHA256
4c90d40c3303be5f7ab50ff68ce7ec14d37e7afd8a30d6db10b5d2fc3bb3dd17

SHA512
b722b1dfc39461451b5417c04515abe1393f4548398b1df08ecf43ffdb38b8a89e1fe12f7125c25e710b7e7b1f99293c477573189be5f4e9a24042e563a5a4e4

Download Submit
\??\f:\8827d196cd318f7843\update\update.exe

Filesize
946KB

MD5
4df0fb62873f937b453680fd204c2a70

SHA1
2207b8aafe93d43aa5fda0ff31d11609cecd8ad1

SHA256
b7896d8f0e24ac12c031211b2845a73e1380968eb090c932f622c127b65e86b9

SHA512
63a206c8cd9bad867081a85026acbb4740a6f3945b53d67348ba68d4f06774426cca89079570d7733f6a6aa9184758c89a5ac1847aa420c1b7c1b06de819af5f

Download Submit
\??\f:\8827d196cd318f7843\update\update.inf

Filesize
3KB

MD5
7507f2c42e0057f92214395a111574ca

SHA1
f38fcd3a731040cec7efcd6e1ee542baf12a5180

SHA256
9a3f93f4deafee4e1a13798f849a10f0ba0fe54176b3c348c5517e0fe399778f

SHA512
25c0e294b640e8aabc15106d4a52c89b58a1e9cd4b61ddc826b6e11fe02b86f9df0b70b6de9a77acfc1ae2b0e593bea9329502ebad009a1d36fa21d99b4f408f

Download Submit
memory/2900-18-0x0000000001E90000-0x0000000001F05000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads