33631b4ed3627c8b80759baa45e75ca3a84aa60f85a1136a81b04b5cb7911bd6

Analysis

max time kernel
120s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mtasa_maetro-1.6.exe
Size

100.0MB
MD5

b2bc77e94163659098edc6840072cb53
SHA1

754f997c0d6858fdeb516d07eaa516daa2af5d3c
SHA256

33631b4ed3627c8b80759baa45e75ca3a84aa60f85a1136a81b04b5cb7911bd6
SHA512

b7183bd3c6daef4c9cd6a34d4172bc664f5de7d53cba9ec6d93ba10ccd2cd02bd9630a7b53519ddb208d82af230a3b2110037784bad0a4054d01b55550e10a6b
SSDEEP

3145728:graz/ScSMDkcx7PVBrIG5ziYidukvlSpf:gWUGpEuOlS

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2076	mtasa_maetro-1.6.exe
2076	mtasa_maetro-1.6.exe
2076	mtasa_maetro-1.6.exe
2076	mtasa_maetro-1.6.exe
2076	mtasa_maetro-1.6.exe
2076	mtasa_maetro-1.6.exe
2076	mtasa_maetro-1.6.exe
2076	mtasa_maetro-1.6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2076	mtasa_maetro-1.6.exe

C:\Users\Admin\AppData\Local\Temp\mtasa_maetro-1.6.exe
"C:\Users\Admin\AppData\Local\Temp\mtasa_maetro-1.6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\ioSpecial.ini

Filesize
1KB

MD5
2cece0e605a56a5eb36abaae0806df3c

SHA1
f2a5d998f20654fe80fc833d79833179185255e8

SHA256
45c83d501e4b5e625e219885cfbc681446011cd991c401e8d7be74896e8f56fc

SHA512
e51d5bbedd92cda6b767eb64cb3276713af1462165f6a6a010cc7a15f3edde21d67178d003c8e2c464cbf0cece72c8ef027aeb128ec3562bbc13174edae12de1

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\AccessControl.dll

Filesize
15KB

MD5
d74bb4447af48da081c7d9b499f3a023

SHA1
dadf6e140e6fd8e49a1851cc144bb022e0adb185

SHA256
5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52

SHA512
9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCC94.tmp\nsArray.dll

Filesize
12KB

MD5
da4bc09439ed21faf7620a53433aac92

SHA1
94e3347aebe16cb88b9f29f00134d9e0fb67e508

SHA256
216d68d3f0b37bb2203b3a438a84a089e8c388608f46377ad7e7d6a2709cf9b0

SHA512
920294456e8fee0c4137e4b4ba1389f09ade297d6ed49d78a9593d129dbb5eb048da2cbff7ac29687999991d5f38657cb31af73e2ccf6b8b9ce29480d4d81ec6

Download Submit