95376f97f9ac616fe06cde41db25c37ba5fa02e127a016efb0ebc522b02107a8

Analysis

max time kernel
87s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 01:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PortableApps.com_Platform_Setup_26.3.1.paf.exe
Size

6.1MB
MD5

5350f461291aab580b3a04af69fdafe6
SHA1

f8018aa8c6bc01b353856b28b034ee3fa8bb6746
SHA256

95376f97f9ac616fe06cde41db25c37ba5fa02e127a016efb0ebc522b02107a8
SHA512

8196cea9e2d094318c80af4b4c87a6d5ce1c16dd85baf27bc869f1043baaa4e160adf49d8c233f45fe8fbbbaf09ba4486b6c56f2068ca2159887ec8f789ec984
SSDEEP

196608:+C4oDROTTmo7ZU9qGiJIhaFOBIF6gU+k7butFgKmlWWG:+GDROT6oa48EOKXUB7buUlWWG

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\Documents\Desktop.ini	PortableApps.com_Platform_Setup_26.3.1.paf.exe
File created	C:\Users\Admin\AppData\Local\Temp\Documents\Music\Desktop.ini	PortableApps.com_Platform_Setup_26.3.1.paf.exe
File created	C:\Users\Admin\AppData\Local\Temp\Documents\Pictures\Desktop.ini	PortableApps.com_Platform_Setup_26.3.1.paf.exe
File created	C:\Users\Admin\AppData\Local\Temp\Documents\Videos\Desktop.ini	PortableApps.com_Platform_Setup_26.3.1.paf.exe
File created	C:\Users\Admin\AppData\Local\Temp\PortableApps\Desktop.ini	PortableApps.com_Platform_Setup_26.3.1.paf.exe

Loads dropped DLL 4 IoCs

pid	Process
4560	PortableApps.com_Platform_Setup_26.3.1.paf.exe
4560	PortableApps.com_Platform_Setup_26.3.1.paf.exe
4560	PortableApps.com_Platform_Setup_26.3.1.paf.exe
4560	PortableApps.com_Platform_Setup_26.3.1.paf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\PortableApps.com_Platform_Setup_26.3.1.paf.exe
"C:\Users\Admin\AppData\Local\Temp\PortableApps.com_Platform_Setup_26.3.1.paf.exe"
1⤵
- Drops desktop.ini file(s)
- Loads dropped DLL
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PortableApps\PortableApps.com\App\Graphics\AppIcons\FirefoxPortableTest.ico

Filesize
1KB

MD5
54dade846214e8c6b886f653077de7b9

SHA1
e547b08f4a12b2c1277a42be32a7f4f5f8c390ed

SHA256
2a2764e81c1bc960b4d2ededf9b7ebdd39e6ab10561847dd5984c19de81e1b60

SHA512
88eb7941371177ba5f01c325ca7c1f74d67d1cb3ec084b65e54151db8d15d4a876305fef0b64cae85e9dfcca6964dfc56590bf292eecdf576c0d20071fc58ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\PortableApps\PortableApps.com\App\Graphics\AppIcons\OpenJDKJRE.ico

Filesize
1KB

MD5
ef4e47cf59a8be4b362c331feae1cdd2

SHA1
16f258642e68220386e62caf1b4e5b89b1071be5

SHA256
5063a291a2d861f5463ae077fbcdc40dd8fa9a4c8702065cf0192a816ae360de

SHA512
d3d188112f77c4ed57e818baf3ce2de384c05ca92600ab2e5434e1f31116e936cfc16484b99c0db0868f279a5a9c201e610bbd519e19938fbf76d6fbebd494d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\PortableApps\PortableApps.com\App\Graphics\AppIcons\jPortableLauncher64.ico

Filesize
1KB

MD5
202d3e4231ca71b15724b4930b1a5575

SHA1
b1cb7bbb68ee83ee80ec4b56a6d367f0cee7a11e

SHA256
e9670ef72e163aeb2c43c27c080bec7af0e0c5d98a8749e3fd58eecab2542987

SHA512
ac9e69759e0b7b97243a2860b9190fb1ee70ed48761240c72eec68c55a53517db87eb12e97b0f2547d168b283ab536611e999f1abaefc71c28343d40ddf7fea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB102.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB102.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB102.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB102.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB102.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit