87d3624772b8272767a3a4ffcceecc3052489cd09e494a6c352dce5e5efa4070

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 04:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

npcap-1.60.exe
Size

1.0MB
MD5

3081d2266918768da067a99f767e2a0b
SHA1

c1844016b5e991449ee1e62d44a312065d83e354
SHA256

87d3624772b8272767a3a4ffcceecc3052489cd09e494a6c352dce5e5efa4070
SHA512

e4c09130ac0124770014c7224e543c93fe473836c28a03466f5130bbbd61f7ddad5106bc10f82036028aabb76c5c2a31d40296ae818ed9f178f6ac96d68fe448
SSDEEP

24576:XZj8sCxPBp6wNLhYFzQLZxWRSuus56m4IpW1u0kFaa+Kp96vhZKj:12JpXGhes4m4GW1ut+i9+Cj

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Npcap\install.log	npcap-1.60.exe

Loads dropped DLL 3 IoCs

pid	Process
2956	npcap-1.60.exe
2956	npcap-1.60.exe
2956	npcap-1.60.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2956	npcap-1.60.exe

C:\Users\Admin\AppData\Local\Temp\npcap-1.60.exe
"C:\Users\Admin\AppData\Local\Temp\npcap-1.60.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso6C0E.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
\Users\Admin\AppData\Local\Temp\nso6C0E.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
\Users\Admin\AppData\Local\Temp\nso6C0E.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
\Users\Admin\AppData\Local\Temp\nso6C0E.tmp\System.dll

Filesize
19KB

MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1

SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1

SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

Download Submit