71478578a596de51eb891e19998402f001bb38b39cdda0883c166cf8d8e2da6f

Analysis

max time kernel
140s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 15:48

Target

04500c6992d5cfdd92a651a6ba127bca.exe
Size

479KB
MD5

04500c6992d5cfdd92a651a6ba127bca
SHA1

09f4070d9f1f837c2882d854503f81edaa0a334e
SHA256

71478578a596de51eb891e19998402f001bb38b39cdda0883c166cf8d8e2da6f
SHA512

97a7f21b3972c6e00334ea4b05d3a2ada2e710869e828f0adc574fa709e186db61dc67a8834cedb76564af9920eb6cff97f4686742cd8ff553f0fda4614ecd21
SSDEEP

12288:jM4t7CcVmIo0ZMYtnH3XqG9zcQ8jPA2ZqjUiEvD5pg23U:jM4t7C10FnjtcTrhZEJEv0EU

Score

7^/10

Loads dropped DLL 4 IoCs

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\04500c6992d5cfdd92a651a6ba127bca.exe
"C:\Users\Admin\AppData\Local\Temp\04500c6992d5cfdd92a651a6ba127bca.exe"
1⤵
- Loads dropped DLL
PID:3504

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsi8DE9.tmp\NSISdl.dll

Filesize
14KB

MD5
254f13dfd61c5b7d2119eb2550491e1d

SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6

SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

Download Submit