63a79c007549516cddd2fc5985251adbeada935a116c12bb55f0021bb913eaa3

Analysis

max time kernel
1s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00d8ba2b1b912d096939f17a5469172e.exe
Size

3.3MB
MD5

00d8ba2b1b912d096939f17a5469172e
SHA1

361fe44837d88c74a2d5099fc19504631099971e
SHA256

63a79c007549516cddd2fc5985251adbeada935a116c12bb55f0021bb913eaa3
SHA512

1a02aebabdf0332f61bbff55afa359d58f01b3476feb1d9c83dee960d403817c8d41ad92cc39d2e55d4541e4a9dc3f8b680ccbf256eb7dd2063133cd8bcdb451
SSDEEP

49152:j9Eqr58vFf+4jWMC50tCP36RktzuuTT+pwsdPd5XDv1TDIkXSWa6KPkwgmPm4GtR:2quvK1GtCPRhTT+xdPdlr1/nU9kwRLEj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1012	00d8ba2b1b912d096939f17a5469172e.exe
1012	00d8ba2b1b912d096939f17a5469172e.exe
1012	00d8ba2b1b912d096939f17a5469172e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1012	00d8ba2b1b912d096939f17a5469172e.exe
1012	00d8ba2b1b912d096939f17a5469172e.exe

C:\Users\Admin\AppData\Local\Temp\00d8ba2b1b912d096939f17a5469172e.exe
"C:\Users\Admin\AppData\Local\Temp\00d8ba2b1b912d096939f17a5469172e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsk53A0.tmp\tools.dll

Filesize
37KB

MD5
b97eb37278d3a1895104d6060ea166c5

SHA1
c499a9aff27a2a2d2130d389176b003171fce1bb

SHA256
68fd2beecf027eb1d04889028f63e61c5e36bc67f1a925cd6940c1db0036b168

SHA512
629b4b781669438f994faa1a79f6933628931ce600652e5525cd797abe145a3f5371c09ad0a15d6689a35e5b3b6242bf6fbfcb52060c636dae5bdae1e2e46a71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk53A0.tmp\tools.dll

Filesize
78KB

MD5
dd186c61bec10e92d43aa930df5ffe2a

SHA1
e7634feb804604527e981d1e10f096977d3e8d50

SHA256
68a0a1780289502c789eb9670e9c4cef1e307aded0a74cad6b7ac55722160d97

SHA512
dcc86386d2bf518cf910314c4bd85bc11c1a36643aa7a6735d83696c47b49aad7ca42c4ec7eadc18e7f485cd8d976665229fb6d0338efe00aa27eadaf6ba805d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk53A0.tmp\tools.dll

Filesize
60KB

MD5
4144043eaedb1fc56c60f4930599530c

SHA1
6fedf9490c67e6c8e5ae10f5ff59d41654a44ba4

SHA256
6276f17e6c8d886a820fe37214aed69a4813e1abbf86969cb36f1e097506deaf

SHA512
4bc22fe6a75c08d9e9a876945e419f96cc0661458bb1f183e5da5ff3e3148ee5123d1a51da8611002ac6c406fd5927f21e2b13eba3439a47561a1274eaf3b8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk53A0.tmp\tools.dll

Filesize
55KB

MD5
4a8ee655570a29b45a7f7930debd5a7e

SHA1
a0713987da57bad3c54e0a6a2ef9f0331914e739

SHA256
8ca5dcb71bc7e0778784da52c75d9b3a0d4a69b2b75dc0b0cccef3d1660272dc

SHA512
ae1fa784dd1c82a3a81b76cea6f6ecd74eaed871d4e9d3ceae931fb61b81824025cf7f583fd8b07e05c75524dace6329c1177a871fbfb328a2105097f6b9555d

Download Submit
memory/1012-28-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-33-0x0000000074230000-0x00000000747E1000-memory.dmp

Filesize
5.7MB

Download
memory/1012-25-0x0000000074230000-0x00000000747E1000-memory.dmp

Filesize
5.7MB

Download
memory/1012-24-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-29-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-30-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-19-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-31-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-32-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-23-0x0000000074230000-0x00000000747E1000-memory.dmp

Filesize
5.7MB

Download
memory/1012-34-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-35-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-36-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-38-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-37-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-39-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1012-40-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download