Overview

overview

10

Static

static

10

38d03a8b56...40.exe

windows7-x64

7

38d03a8b56...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2023 02:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840.exe

  • Size

    38.8MB

  • MD5

    60afb2afc7a84f42329e87fccf8e21dc

  • SHA1

    59514bcfecd53e8a9619f420b00e2d00f9552ac0

  • SHA256

    38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840

  • SHA512

    c4c8c7789037ece28f8fe799c4f512bf6c8246f5e6672f6a0567e74c7f91da84c172ebfb5ee0aa8707322fbb63563caee38b85f1696ecbb67f8c75b4ab415c94

  • SSDEEP

    393216:p+tYgsxPOzdUaOoVLB0lrwKP8OVTKLbBbD90NkVbUsTIDoL8qts5sl:UY5kOlr/9TKLbB3VaqR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840.exe
    "C:\Users\Admin\AppData\Local\Temp\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840.exe"
    1⤵
    • Loads dropped DLL
    PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\Microsoft.Win32.Primitives.dll
    Filesize

    7KB

    MD5

    8d41f9009844e3407a1e3d4a2ef0aa8c

    SHA1

    8f40d3bc455820acc205b9c15febe9b6b986a155

    SHA256

    6774e830aeb8413761b0e0d716354644c283af35430fdbc86617f1253a3ccff0

    SHA512

    90ac0505b6304360e0f455f9566b199297350d89f662fcd7d47ac8d3306e995bf1ea61ce25a5f83bd27b0534d1a5f9444d3005e6ec5959146570a312418a8546

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\RWDWrapper.dll
    Filesize

    143KB

    MD5

    82749f7dc6e64dae85614d95beecdec4

    SHA1

    c931839190343154b1dcb2f6bd0374aa4bcceec0

    SHA256

    55e21c4b97ef6ea7c4b01e38427a0a271b0ee7a91ca4aca4a4f78622d1459720

    SHA512

    fadbad9ba67a766f293b9d77d7d75cf00ab11598d0142bf0c50b67fbfbf689b26f8dff72fbcbdc3b02ff763ef36defdfa5b27294e6352cfde383714b5dde2814

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.ComponentModel.Primitives.dll
    Filesize

    20KB

    MD5

    0c9845f41513a2631dcf42450688a37e

    SHA1

    bd229b06b21d76066eb88f3228b09c8db89958c0

    SHA256

    161fababb5153bafdbf7f44e4cfc2ae871d99c4d70db19e29ffe37726c81e61f

    SHA512

    9a54cdae021d54e5585c5bd926c9ba6f9a2568480985d57f5da5bc8d13535516d81fbde563dad476203c47b3754072ded01fe61ca85624120767d291b0e98366

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Console.dll
    Filesize

    61KB

    MD5

    e58dd22613bc197df11ed11216b55bab

    SHA1

    41e1749ecf1d5ac07c9246e4a8540ed9dba35bc6

    SHA256

    3655e6959628574de2c73654e8c68fe0347851032ef3035b40e5e9e8e193b31a

    SHA512

    baf66148773310e49b12982db8215459d9f6a528b4fe0f917b5a865ce4dc45ef71f37b0d02f4c6ef2ab6e29c96e8806ef1c19e20f5f7df4a9562c63318afbbaa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Diagnostics.Process.dll
    Filesize

    102KB

    MD5

    6a98818f32f106020784cc241f7686f5

    SHA1

    1111531dd9b45766ad14c8be21c5f518ca8b2386

    SHA256

    953a575cf40f5601fcf87e56e165dfab1f4939edf7d0d8d0ed0f4c13c33a8ef9

    SHA512

    664869eedea023ba672a9b88b59fb6d0e80f60aaa2c331d6c869f30ba131025c95a737212cd55bd7e19c4129652b9f3daceb74358276b65fca9eb4432fa38974

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.IO.FileSystem.dll
    Filesize

    83KB

    MD5

    2332d90506ceccfdb300e74c9c3c2ab2

    SHA1

    05c0663eba2c20ed5f3091fad3e47c69b65fa391

    SHA256

    6d032b47e4f85aeb52ceab958bace26aa65243894ab09c1cd9fb712ca0f45f58

    SHA512

    c9548a28cae3ba6ba723e31ede90fdd9dfd9fade725aa9605de6d069420425f4848eb3a936d78c3a24e495bee66f9b0080566046a2543f2308ce1da1203b050f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Private.CoreLib.dll
    Filesize

    5.3MB

    MD5

    c6ed76afc985a6ccbab4d186a88dbc4d

    SHA1

    b37b945cad3454f4b32cf9aa3acd16f8a5ded087

    SHA256

    19009588c37d7de42fc3a0688bb1873ef377d4e31709d4cf01f9812adaea2b8e

    SHA512

    5410ec2ce2e0a0518859338f5496ebacee0406fbc1492db2f4df40d6ce1b38bdf10e588ac2861743a0fe3df823a73b8e333a5bcd542e0b582ea1aa514c8fda3f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Security.Claims.dll
    Filesize

    37KB

    MD5

    66986baf160237749a1e80b1535d0f8b

    SHA1

    8896b7b59793fb06d52e0fce5d1fdf1f5aefe694

    SHA256

    cd05e15b32f9e9a45fc5730708d979a41da43893e9d3eb9509a6e88db104b9f6

    SHA512

    288af028476c46b95e5d744532e36f83ca4952656c7e9e321de5c6e1c1b956dc88f2dcd846b61a0aa3211686dccbe8fbe75032ee8d6bdab853cfe45347cfa4b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Security.Principal.dll
    Filesize

    14KB

    MD5

    38f2196ef024547c680d5e5e0673e611

    SHA1

    203c625ab917bea623a24a7f0f4a44be18af865c

    SHA256

    2c766be11c8b9ca8f1c838ea74972aca1c51c96ee14ea1911b0c13a1fd456368

    SHA512

    8e05af95ccb9b4d4cc999a9ad9d2a3d76b193e4860a4ed31f4c31577fe7aef742aa17410824c54868277d8cc0d07cd25183caf9fac45747301e7982f5d081c15

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\clrjit.dll
    Filesize

    1.2MB

    MD5

    cbd2aaa58e463492afa6d251b10558ef

    SHA1

    7235789f730868f78f3db183871eb27a22b8f86d

    SHA256

    a14232fefe2f922b7fdc98338cb47eb769f13bee756edb269b6c0e62a29fe4f1

    SHA512

    90a58582361bf04baa353373233437411e544cdae0d99ba531349699df528a90b188d5b9b9404c9fd5bc4b054bcaf03606f6643ec3f6e7dee6756bac0b468ad0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\coreclr.dll
    Filesize

    5.3MB

    MD5

    1b66ba3e5018d8a72433be018b7165bb

    SHA1

    644f6194166a270c473bbeaa38089a257fa3c291

    SHA256

    c956c6551e44bd33f237e7dc7b058f56f9acf959d854b185a81efd7340cc7552

    SHA512

    2d6be521fbf509b6dda91c6a6fcc8db71a8214fc27156d24b2a7d7c07b59f7e9da3a2dc5ea26cef9db8cda716dec380fd5359349e0900f8a92c5c50f40f5d2a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\hostfxr.dll
    Filesize

    586KB

    MD5

    f2ba4fd414a6a1a698b20768e3dce4b6

    SHA1

    f4a4082454fdbd64043b7a9abd89def9622949ab

    SHA256

    4996064bf4462a05f66995a1cfa92856783134b520e6f3098b85dad57e0dce44

    SHA512

    a4b9fc9d30c72ace970e82988cee49c9da2ecca813c01933d25b175cc57f9d68d61466f35ecc4754ce6cb4ea5563e533e09821e2fab461341f2e909114069652

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\hostpolicy.dll
    Filesize

    577KB

    MD5

    1d98c4642c5df87d02122a5d1b76aac0

    SHA1

    f8790ac5b9a97182130fb18da2fa74eef4ef1d18

    SHA256

    8fd5bc9fe7eec0a06aea516e98c239a548060ede87126f077d3bf811c412fa5c

    SHA512

    ee17d6c1bb52ac68c1deeb6ac25b2b65b3725828efc184809f80ab20a26bcbb001677ed3ab45bcfa3a372cd4e65bebe8c9c901d96da277fc727c2f0d6df89b0b

    Download Submit

  • memory/4380-146-0x00007FF8A7510000-0x00007FF8A7A7F000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/4380-182-0x00007FF8A7510000-0x00007FF8A7A7F000-memory.dmp

    Filesize

    5.4MB

    Download