52cb8761856ce29433d6e455ef29da70d3d7a51ff4b28f5a0a1c332655891f0f

Resubmissions

03/11/2023, 19:16

231103-xy78jsha4w 4

03/11/2023, 19:10

03/11/2023, 08:07

03/11/2023, 08:02

03/11/2023, 07:59

Analysis

max time kernel
85s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sidekick-win-installer-34426.exe
Size

328KB
MD5

ece86b7cc20233c01d38df7a1a93daff
SHA1

de93f7d742c6c94da8ce8e700d2ee25520c6ee9f
SHA256

52cb8761856ce29433d6e455ef29da70d3d7a51ff4b28f5a0a1c332655891f0f
SHA512

7df133a06ad197ccc6edc3fde36de00421277c7920c8d436ca5d01680aa14dbdb1c48eedf3751268574b5093efef887f3ae618f94352dda09ca0f1d7f763390d
SSDEEP

6144:0Ya6XC5Wp3+7W98/MavNNM6RYRN3BXFULW+CgD0tNYF6m0qC:0Y/p3+7W8/HNNZi7l+kDYF6mM

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\nsvA22E.tmp	sidekick-win-installer-34426.exe
File opened for modification	C:\Program Files\nsvA22E.tmp\nsvA22F.tmp	sidekick-win-installer-34426.exe
File opened for modification	C:\Program Files\nsvA22E.tmp\	sidekick-win-installer-34426.exe
File opened for modification	C:\Program Files\nsvA230.tmp	sidekick-win-installer-34426.exe
File opened for modification	C:\Program Files\nsvA230.tmp\nsvA231.tmp	sidekick-win-installer-34426.exe
File opened for modification	C:\Program Files\nsvA230.tmp\	sidekick-win-installer-34426.exe

Loads dropped DLL 5 IoCs

pid	Process
4464	sidekick-win-installer-34426.exe
4464	sidekick-win-installer-34426.exe
4464	sidekick-win-installer-34426.exe
4464	sidekick-win-installer-34426.exe
4464	sidekick-win-installer-34426.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	4464	WerFault.exe	86

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4464	sidekick-win-installer-34426.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4464	sidekick-win-installer-34426.exe
4464	sidekick-win-installer-34426.exe

C:\Users\Admin\AppData\Local\Temp\sidekick-win-installer-34426.exe
"C:\Users\Admin\AppData\Local\Temp\sidekick-win-installer-34426.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 2640
  2⤵
  - Program crash
  PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4464 -ip 4464
1⤵
PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\HttpPostFile.dll

Filesize
4KB

MD5
14f58535542482e59e1fbacafb563737

SHA1
9332101d425d90eafbde3ccb27487940080a9472

SHA256
deb32afa701ba2790a4044d6144c063cbfc26bdbb191b536e229c9e6bdacbe82

SHA512
3175b4f0861e2b13309012419cdbd10a09ed54e9b26f8ad362973ae3b9d88521b9c72a6b03b11e02b0eb6ccb4421417944d8277e7b5d4d6182243b9d46b91fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\InetBgDL.dll

Filesize
7KB

MD5
d4f7b4f9c296308e03a55cb0896a92fc

SHA1
63065bed300926a5b39eabf6efdf9296ed46e0cc

SHA256
6b553f94ac133d8e70fac0fcaa01217fae24f85d134d3964c1beea278191cf83

SHA512
d4acc719ae29c53845ccf4778e1d7ed67f30358af30545fc744facdb9f4e3b05d8cb7dc5e72c93895259e9882471c056395ab2e6f238310841b767d6acbcd6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\WebBrowser.dll

Filesize
93KB

MD5
dfe24aa39f009e9d98b20b7c9cc070b1

SHA1
f48e4923c95466f689e8c5408265b52437ed2701

SHA256
8ec65a3d8ae8a290a6066773e49387fd368f5697392dfb58eac1b63640e30444

SHA512
665ce32d3776b1b41f95ed685054a796d0c1938dbc237619fa6309d1b52ae3bd44e3cf0a1f53ebf88556f7603111cca6dff1bfc917a911e0a9ce04affd0d5261

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\installing.html

Filesize
1KB

MD5
fae3b355070331b9c8c1f66e95c22d9f

SHA1
5cb394ab05d6d2ce4c9ceec66d0eff466b7f3ee2

SHA256
dd5d18427c52c220a8a29b25e21ce7c35669a9446978296c2e0837f5a6f08bdf

SHA512
32605b1b4be47aceeee193c046493041b51d9993cf29f73e4595fe10d60dc6a997a0fa3eeda74fb48a5156f971b28b715bf725bc67d44d87b5052ebf6556f6ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\installing.js

Filesize
2KB

MD5
dfa7861bca754036ab853b3bb02b194d

SHA1
46d7c5ba614b39caa4857fcba4bdedbabb2c67c0

SHA256
2c286b6eefd38f032a385f3ac6a1f794deab3bac0fbff71bd0ba21453f477878

SHA512
c58d96fb2496a84261a5e4b18cf4156a30f9ad161bbabc3652b6b5c24976f1ac432dced31927a9443260cdca0292524d1f691766b7c0731f926d37be11fe0c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA1EF.tmp\stub_common.js

Filesize
817B

MD5
58b8ac894c64370cfa137f5848aeb88d

SHA1
6a1ac1f88a918a232b79fe798b2de69cf433945f

SHA256
0e28aa770b0afade30be85c6dc1e50344db8f8cdd3fa01989d81a9e20a4990bd

SHA512
ae309518e0f926021e4d9378950c1a375263247d4f79d8a8cc09464cd01653ae5e707d52a4b0c36d532e649c246f4be6b5ba8648f58fb0e3e40c495ae63180ab

Download Submit