9758e1dbb6795ceac19510337c9b9bc4186a89ed39730df4a8372a4687967e5d

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

plainamp_023_setup.exe
Size

756KB
MD5

71b5f1132e581462fbd905758e7c6499
SHA1

68d89c1cb17b6281311af9231dec39ecf26f3950
SHA256

9758e1dbb6795ceac19510337c9b9bc4186a89ed39730df4a8372a4687967e5d
SHA512

a6fd1160a3a4c6222e97512e2bf755f77625a4f84382ff91222718af5e7f31bf93f9268a1cab7a25fac32ca04bc9beccc2c723bda9f3bb80d419c9770f6ac33d
SSDEEP

12288:d2XxJT5dCpk6KTM3GSW1AL44p1mB5JIXwusCIHtKzL/pCEfP017DEsY6FQwbfUiv:+H5dCu/P1AJ1mB5JIAushAd01nLxFvUs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2212	plainamp_023_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2212	plainamp_023_setup.exe

C:\Users\Admin\AppData\Local\Temp\plainamp_023_setup.exe
"C:\Users\Admin\AppData\Local\Temp\plainamp_023_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst6CC8.tmp\ioSpecial.ini

Filesize
696B

MD5
d6bbee2bafc32c2ceb3e5ddd75c991a8

SHA1
94ff621944639337de37b67bb4a2dbd437cd10d2

SHA256
3d2e528e00721d907888027a8c0a22fb847e3facbe7dd6e83859e13e6e9202f8

SHA512
3a1dc3ad06eac930615590b6ac4e6a0fc12f0e2aaabdb5451ffa013eaf3c49ec708cab02f0cf13d972eb900f4eb8a143babeb48d156ed5f0b1a97b08586b8aba

Download Submit
\Users\Admin\AppData\Local\Temp\nst6CC8.tmp\InstallOptions.dll

Filesize
12KB

MD5
99bc22826a0568dce241be3a4ffd0c0d

SHA1
62e4662250abdf10d23a61076fd7cbd00a5c5b6f

SHA256
120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de

SHA512
35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9

Download Submit