1331f7d80b4c3747e3ecec485876bb64aaf3e1be9b586867754f575ca029b2dd

Analysis

max time kernel
205s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mercury.Installer.Offline-6.41.exe
Size

47.9MB
MD5

aeb96bc8eee329f50178234c5cd87a99
SHA1

bb1fbf56c87bd698f2a02f26618633172f239cea
SHA256

1331f7d80b4c3747e3ecec485876bb64aaf3e1be9b586867754f575ca029b2dd
SHA512

9e4b674342f3ecf09c91ff3a3f85659a3b032c4f8e0783fcba7d90929bd5c07403143d9c9667090829037e532d1f6bde2a09173b6fcd11ee5264264121a8ea03
SSDEEP

786432:Iy4Ku+/848673PXt58GjBtMrqKuyC89km+D+1N+A0judD2j6wveMbwO9S94LLZt8:EKu+kS3QcMWQ9eaN+9jf/m4LnQl/Jl

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2948	Mercury.Installer.Offline-6.41.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Mercury.Installer.Offline-6.41.exe
"C:\Users\Admin\AppData\Local\Temp\Mercury.Installer.Offline-6.41.exe"
1⤵
- Loads dropped DLL
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nssCC46.tmp\BgImage.dll

Filesize
7KB

MD5
3138dac7ef0377dc6a37ba84dc56badd

SHA1
ec071ccfd71645a8c5d0687f7d12f04ec432dc6c

SHA256
227a52e0785b070baf673c4d97d28ced967c3c01ea62bd1da5f5c593940919db

SHA512
f00ca4983cc7742b4a8fd8bd134952a4a95a73b38ab4015e1faa520b6bee4c925863b299c983a52884b39a8380bb113f25ef305d9cc8c6a87014affe05efc933

Download Submit