66f0d073d8f16ae2d2e878522c2c8964ac90de0f63d633391b78d5654a6a48cd

Analysis

max time kernel
140s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OriginInstaller2.exe
Size

1.9MB
MD5

046ef59e051ecb154bce0c7769e734e2
SHA1

251f22b0942d9d7e5e5057fc054c5e21f9f0dc8f
SHA256

66f0d073d8f16ae2d2e878522c2c8964ac90de0f63d633391b78d5654a6a48cd
SHA512

3bf978e100e493ff53565e2b3eba6bb132316c7f237c937b610e1618f58544bb999228c9e515fb55035d52339c6993008e3c04717270c6f67e12f8048f2bb16a
SSDEEP

49152:Dd80PVf1Jszn3XkNMbQTi3laRr0fE7ltxlhn+EzdpsR/g8:DdDfsznENdiG0wl7HXYR/L

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
900	OriginInstaller2.exe
900	OriginInstaller2.exe
900	OriginInstaller2.exe
900	OriginInstaller2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\OriginInstaller2.exe
"C:\Users\Admin\AppData\Local\Temp\OriginInstaller2.exe"
1⤵
- Loads dropped DLL
PID:900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsnB298.tmp\LangDLL.dll

Filesize
5KB

MD5
8604b1e7ba17411d4566dd054216b8b7

SHA1
5af3aaa7e8182a53525974f51cf57df73c445cfd

SHA256
c35d92918cfb4457228d34cbdcd64ef730a11ef083072baf6c874e4e02be07d4

SHA512
da9006c5e5cbd8f17790b370685f5b3a73a727e048d6a615b2ed65a89890b9d8d6f884168dd6459be529294f36cc368bfb38673569b59793b6ee3236e57a8e43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB298.tmp\System.dll

Filesize
11KB

MD5
6ad39193ed20078aa1b23c33a1e48859

SHA1
95e70e4f47aa1689cc08afbdaef3ec323b5342fa

SHA256
b9631423a50c666faf2cc6901c5a8d6eb2fecd306fdd2524256b7e2e37b251c2

SHA512
78c89bb8c86f3b68e5314467eca4e8e922d143335081fa66b01d756303e1aec68ed01f4be7098dbe06a789ca32a0f31102f5ba408bc5ab28e61251611bb4f62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB298.tmp\System.dll

Filesize
11KB

MD5
6ad39193ed20078aa1b23c33a1e48859

SHA1
95e70e4f47aa1689cc08afbdaef3ec323b5342fa

SHA256
b9631423a50c666faf2cc6901c5a8d6eb2fecd306fdd2524256b7e2e37b251c2

SHA512
78c89bb8c86f3b68e5314467eca4e8e922d143335081fa66b01d756303e1aec68ed01f4be7098dbe06a789ca32a0f31102f5ba408bc5ab28e61251611bb4f62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB298.tmp\System.dll

Filesize
11KB

MD5
6ad39193ed20078aa1b23c33a1e48859

SHA1
95e70e4f47aa1689cc08afbdaef3ec323b5342fa

SHA256
b9631423a50c666faf2cc6901c5a8d6eb2fecd306fdd2524256b7e2e37b251c2

SHA512
78c89bb8c86f3b68e5314467eca4e8e922d143335081fa66b01d756303e1aec68ed01f4be7098dbe06a789ca32a0f31102f5ba408bc5ab28e61251611bb4f62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB298.tmp\nsDialogs.dll

Filesize
9KB

MD5
2c84faebfda2abe3b16fdf374df4272f

SHA1
a5b0258a94e0440aefe1ef320e62e7a9a1c8bb40

SHA256
72b38e4cca0af336655d55501c4ea05080baaa9921a62a2d717afe90bb801004

SHA512
207164cc6914c59d9f4f3b8ae97628c544093ba6ecda9f8da351f453cd97e03be7a640264b8686b2d5e6f3c787f4df1d8a1ebc8e51fd788a97460cd981cc015e

Download Submit