42a6e450a4d7eb0ad52fc79096e1f2c7691b9452baab9ef762111cb12ee0e794

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04dfa2a5912bb84e6da07b067a67aeef.exe
Size

180KB
MD5

04dfa2a5912bb84e6da07b067a67aeef
SHA1

6977b2ab2967180501be42d530aded23dd08ed8a
SHA256

42a6e450a4d7eb0ad52fc79096e1f2c7691b9452baab9ef762111cb12ee0e794
SHA512

df290df232b7aa4fbf35ec804b00a0749d95869a73b37b36a1e5467e9ed188c6ccb531013ae0d3bf11a2a36f08b78919d7bebad7e861c327c68954002603b17d
SSDEEP

3072:xLk395hYXJm45+QHO/Ej4nRjy4wetX6tvsq3RVTZPsfI6w1ZoNbqUYP/wwds:xQqM1QkEyRjtX6t1ph1ZoNYP/fds

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe
544	04dfa2a5912bb84e6da07b067a67aeef.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\1ClickDownload\torrentdownload.tmp	04dfa2a5912bb84e6da07b067a67aeef.exe
File created	C:\Program Files (x86)\1ClickDownload\gzip.exe	04dfa2a5912bb84e6da07b067a67aeef.exe
File created	C:\Program Files (x86)\1ClickDownload\mainpacklt.exe	04dfa2a5912bb84e6da07b067a67aeef.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\04dfa2a5912bb84e6da07b067a67aeef.exe
"C:\Users\Admin\AppData\Local\Temp\04dfa2a5912bb84e6da07b067a67aeef.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\NSISdl.dll

Filesize
1KB

MD5
53bed1c9fa1d13d27cb3f5b75dfa3d18

SHA1
9a73c7c60ed8de903880c1c2cbf49db212968ed6

SHA256
5a971fadbb73e21fe96734905392b92fc47ca8f243dcf0986d81bf361c398f85

SHA512
0a88c16be3226821b64a2f0dd1500e762627bea2adeab0d87ed9e5863b8b7a28a1b997cc200f8acb1fe025bfb4ccfa52423bd78e920a4f50d554e3996350e497

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\accept2.bmp

Filesize
16KB

MD5
f642e8cfce23aa5d124533357de7394b

SHA1
80ce98a2bc4b416db357ea52a74424d742cfaa55

SHA256
f1bed304ea1d96094c1e4e3f8e112b7ce15af4441192e73c9144f774ad132d2e

SHA512
d0ec47e3a69cc6c6f54e8ba58cade7875ace43b66946e7bd4b678dc246c61acf8d36aeaf80082308f08783c28424c5db601bdde1d820f7797b60ca4fe948ad26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\inetc3.dll

Filesize
1KB

MD5
5a25b7bc209e4d27dfcc1607e578b686

SHA1
cee71f248e9b75a2005398c931a8b42992fdc7db

SHA256
7b3ba30c113f9cf3f241f9084b32d995d1364c89f137380068a16af38e91aed6

SHA512
b73dfa4b6cff622f0aa84def0f76c5e43fd12cb210f0c1c3c5ee5c5caca0ba571c473de528653e1b5f128e1279ec05d7464810accd98bf66a5cbd53e1ae13b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\inetc3.dll

Filesize
17KB

MD5
c19d1be4ceb59c30204b3154ecbe4f9a

SHA1
4cfaf41f94e8229ea2ba3cdce8dbc955a82b85fb

SHA256
53ed698e1bfeef5642dd1e1772bc4a9e265f6685fe96784a38ae150f2c5d1e26

SHA512
e680bb6c8d991a27a5fde06518b0e43a3d6330e6ac10dd8ab36e3ff486f3ebe933911b7bdafd00ea21e1e5f5d640166a5ca6837d9196569fd194b146d6d9b0ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\inetc3.dll

Filesize
25KB

MD5
9d8ce05f532dc7b5742831ec8a63c2d8

SHA1
b014365f723c78a84bcdf8a46cfa016eb2b8dbc5

SHA256
fcc46c2e60931a76fe529a9fa5a85ba2f4bf7907d651161f92fc524ac4747982

SHA512
98f268bebf0c82d019873a7b109e1822011c0532e6a6d8ba94d2b8a918d9558f4db89100b6ee357c9c510ff56adc349e619489fd7e8d21e7f826877185ede3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\inetc3.dll

Filesize
11KB

MD5
6c6142e5d032f9877e75c6bc8d8f0ca6

SHA1
1a8f6ffed8876ee005dad80ce8235f0d6e38d6c0

SHA256
1fbea0897da039108b101a066fb5a2ee0df1273633525a651eb5a694d7556cc2

SHA512
3c4ab4bd60a6d5e125d07b3969f3444beb3a143ce4ab2d8da04fbf59a8b70cccfd12ad2097028b74e22c8a79fa03a88dc6fc1e8ce540aa45509fa5baf892bcc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3ECF.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit