Analysis
-
max time kernel
164s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
15/11/2023, 11:19
General
-
Target
Nero_BurningROM2017-1.10.0.4_stub_trial.exe
-
Size
2.9MB
-
MD5
a9177b948eae0fda932d3a31c3eba318
-
SHA1
88a79b77bef7c125c96ae83875d0ddaa2095f156
-
SHA256
209e24b69251a5612b314ce16c87eeb3dd02ae7278054a9ec2dc3f6fd4b21208
-
SHA512
c6b2f4cb5b87a31388ee976b42f2a7a17b94ad75275d5235e71884ffb366f09627b58d82bb87afca1480986cba73345649dee08e3d0c556db8b9422102ab3a82
-
SSDEEP
49152:c1OsuWbHbPa5Khld1kZFdrUxWh/9NVfoYcri0Sd2YRAEI1XaA94r:c1O/27S5C1k5rQmNWYyiRbvUe
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Nero_BurningROM2017-1.10.0.4_stub_trial.exe"C:\Users\Admin\AppData\Local\Temp\Nero_BurningROM2017-1.10.0.4_stub_trial.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zSAF94.tmp\NeroInstaller.exe.\NeroInstaller.exe -GMID=NBR20172⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.3MB
MD5532eaadf82df737aaae71026415e8727
SHA115988b0c0df73ed3044c583b7677e7a3146c8383
SHA2562e6a4d637ed7b02824dfd1bafa33b937f7120537cdd5e71e7dea02a88849aead
SHA512f7fb1c84164e361e1551a07f73e1b2715ee56bf8aed236b98627546557354c3e68a2f4bf6a9e0533f18d759cec4322f22a777fee8338ccd6ad6a078b7559c1e4
-
Filesize
7.3MB
MD5532eaadf82df737aaae71026415e8727
SHA115988b0c0df73ed3044c583b7677e7a3146c8383
SHA2562e6a4d637ed7b02824dfd1bafa33b937f7120537cdd5e71e7dea02a88849aead
SHA512f7fb1c84164e361e1551a07f73e1b2715ee56bf8aed236b98627546557354c3e68a2f4bf6a9e0533f18d759cec4322f22a777fee8338ccd6ad6a078b7559c1e4