148ae2d6301585e439b30117a6de1c59c5c6277f696fa5ab8483240cc0e13235

Analysis

max time kernel
2s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cb1250d6b980b4688a792997572c2d0.exe
Size

276KB
MD5

0cb1250d6b980b4688a792997572c2d0
SHA1

b7b7e6dd5c398879675b1a53462cde5bcd62c4db
SHA256

148ae2d6301585e439b30117a6de1c59c5c6277f696fa5ab8483240cc0e13235
SHA512

92d4a4988e40477896d27ca1accd8d933eeec593d9334793ed042b52ea9f2e497ac1d9f247c7e081ed056ebc70b17adf44314f20a343339ddbbed4cb53da360a
SSDEEP

6144:9saocyLCtcZ3oxaJ2ZAazVHN/VE6ACAAph5OZ:9tobXoxakJVt/aLAX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2728	installer.exe

Loads dropped DLL 2 IoCs

pid	Process
536	0cb1250d6b980b4688a792997572c2d0.exe
536	0cb1250d6b980b4688a792997572c2d0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 2728	536	0cb1250d6b980b4688a792997572c2d0.exe	17
PID 536 wrote to memory of 2728	536	0cb1250d6b980b4688a792997572c2d0.exe	17
PID 536 wrote to memory of 2728	536	0cb1250d6b980b4688a792997572c2d0.exe	17
PID 536 wrote to memory of 2728	536	0cb1250d6b980b4688a792997572c2d0.exe	17
PID 536 wrote to memory of 2728	536	0cb1250d6b980b4688a792997572c2d0.exe	17
PID 536 wrote to memory of 2728	536	0cb1250d6b980b4688a792997572c2d0.exe	17
PID 536 wrote to memory of 2728	536	0cb1250d6b980b4688a792997572c2d0.exe	17

C:\Users\Admin\AppData\Local\Temp\0cb1250d6b980b4688a792997572c2d0.exe
"C:\Users\Admin\AppData\Local\Temp\0cb1250d6b980b4688a792997572c2d0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:536
- C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\installer.exe
  C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\installer.exe e176d94e-d9b7-11e2-a752-00259033c1da.exe /t102e1e7c87417a53800fb32277c8ac /dT131950047S102e1e7c87417a53800fb32277c8ac /e9041377 /ue176d94e-d9b7-11e2-a752-00259033c1da
  2⤵
  - Executes dropped EXE
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\e176d94e-d9b7-11e2-a752-00259033c1da.exe
    "C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\e176d94e-d9b7-11e2-a752-00259033c1da.exe" /t102e1e7c87417a53800fb32277c8ac /dT131950047S102e1e7c87417a53800fb32277c8ac /e9041377 /ue176d94e-d9b7-11e2-a752-00259033c1da
    3⤵
    PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B

Filesize
604B

MD5
a8c8eb8bf71ea727e35148b09b26fec7

SHA1
f4ab4a15766b9d1e7253ecbb20973af8affbdb7c

SHA256
21c9949032173647ca9cd7fd03822577e2eaeefa0954974f9dd8a9d7ed4c0e13

SHA512
dc04414bf8dd78dafef8d5582ced4c8ab9e466354c03ddaa3014c1400934692a4dbabbf6200616e5364b4a69ce4192f283852a126c1e938a1705cd005d0c6d55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B

Filesize
188B

MD5
9840e0c80e9e3499857513f43cc6fcab

SHA1
7753a4061427e98a7291d763f6b09c7f93894e4e

SHA256
ccd03b7fbd9cf9300d70c4a6d3acc72dfad0e409033aa0726f0b2d50e27ea37e

SHA512
bb7d48ed3c23ab443b1a71df0e702ebfb1e8069c2bf888f7c96bcc3b295e3af0264c9d2381ccbb2c313a47539440fa7cd230e5e866b0bf5604e1c551c90d164f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7abac504a6789932b32d50059f489a66

SHA1
3b7f2b4015587c4b7397b816f8b7379d1ae4f9eb

SHA256
88acd3c9e2d1b4de56a067abb63261382d2f8e28a3c43b13d295bf9d0167e0b8

SHA512
46a85e9d24f0eadbb4f4b6f6b42c8300e5094b000d00fe142cc69b861dfe745afc95b2c82bdebc547bb5e30c7676bfe39d0471ab87223ed6c077cda9f378e980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9

Filesize
404B

MD5
a86cbdfdaa385d05be2454b309cc7b92

SHA1
b0dac0fcd207fc6ada2069401d4e3deb6e85aac3

SHA256
eff5b8ac64ba79d373e4003c4d7e6c1dea896098f9600bf7f21545ef6bd0d9cd

SHA512
8a2760efb4669b498af197b7d7db514eb643e5929043b18ab3a37bdfc6db56d1760fc2da1934c992d441fa38a231dcc067859c64d8a3d3b8e2b0526aeb55fb13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6827.tmp

Filesize
17KB

MD5
ae993404712ae1bff1b48d26675d4cd8

SHA1
4ecb8616424a47a6319f932f06e284218a01c85b

SHA256
4e49700d68c3b79531d34e58f2046b44e478e43c9c4eb577caa9c7da12be01fa

SHA512
57264dc0ea5980ce18adcc77c7512e2915450934510cb7fbeee3fe670aa176f21e579eb22e2ff2886cc326a414d7cb920cdd11179dcfd081e5727380a0d26ad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6878.tmp

Filesize
24KB

MD5
3d375109ac24bdbc32c298e6e862b4a1

SHA1
0ecc6c6bf1c092ad9b3e063a541ff592a19d4340

SHA256
9d6a6b2dc28ee2fa3b29d1a4464ebffb86d16f9d5391c47926cdb29348093787

SHA512
736967db71df394f355f404c3e94ce3e70399d80af89ed76da311a60a91248cf5a834edfc6db540364b680a52f98866883bc66de98d3b9a5c9df0187a3ef2208

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\e176d94e-d9b7-11e2-a752-00259033c1da.exe

Filesize
1KB

MD5
1a0332608a00f13b6602c02b46df66a4

SHA1
6e3749e7cbd3a28f94508bf91b6638f5104e8261

SHA256
95bdaaa51c769b9559c62d3b73accc6467ad3b2ee3721ec0015ea0fdac528fd9

SHA512
79dd3cc253d22d5b14fd534b600a6c591a0c1a04d4418733bbc6e13c9753f241bd9f1756bca9e42947216ce1352f3fd434b9da83b64af4e10bce46206b5106d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\e176d94e-d9b7-11e2-a752-00259033c1da.exe

Filesize
14KB

MD5
bb2e5e2563cc71e74fcaa3545510d473

SHA1
0b9304887b53319b9e302a7c3302a1d3aad6f918

SHA256
738f61fa1ee719ee18f43d76a183059d2262008a48146b4636a76790d0bda4e0

SHA512
603c82c0685c2beb573514fd20c9641347959727fc54c6ef4610082cf25c87ccd015e5a14b7d78340bce971adfa903054a929d9ecf966d1d3244c2303e70eaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\installer.exe

Filesize
65KB

MD5
6c4cf3a146ce225c92bd0e4a1e8d1806

SHA1
52243108d0fc05bda761a9befef9ef93e8666355

SHA256
33c91c32fe49bd7c3184b5b342ca21df691a36d58e51021a46a7f39a813ea93e

SHA512
ab1589a3ca9e7c72c41d67d4deb38b5c2ae9811543d0c20fa79396aee53a51177a4eb6471ed34c1064823b7184e36a34720e4cc4681da7f768e0fd2125a88a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\installer.exe

Filesize
1KB

MD5
79caa21c79b2484c4839beddb8e1920e

SHA1
d38c709bd0864292c3591efc2621be6b57de15c9

SHA256
6c268c1930e1e80ae663df17660a9506a936a3220a91e8382fcecf2c83897e93

SHA512
c0be631a444684f5432c5a47b35119c773bc1adfc381f7bfe045595f2c4b0c14044a736762d1884312d15cdbe03fed5357e224bb6ac0c02c9470fd911f0c0cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso64BE.tmp\nsExec.dll

Filesize
1KB

MD5
4af0ca044dff80f640782f501c6d8920

SHA1
03b3ede772ec76b5b461030cc0a343634e6a8543

SHA256
ec6589749abb873b56f67959ea7a06556b7403f0a23daf2ccc52ff3aae35634a

SHA512
e3b02345ecc0dfde9df629a07b65bac414484befb1281cf6d9b55fad9abad8c9c9f36ab7418d544c6bfb7c0ca59d134b1a4696b31f0ffc9cf28a3663ab892807

Download Submit
\Users\Admin\AppData\Local\Temp\nso64BE.tmp\e176d94e-d9b7-11e2-a752-00259033c1da.exe

Filesize
28KB

MD5
0418287cbefbe0175738eea7af3b3dcd

SHA1
27746675b6a893a62529079c7cea498e71ca3265

SHA256
a1e36113777cbe3594d6a5c0835e425a6c80fa8a0f269bd669d655994d13a00b

SHA512
e4593cd1ed6cfb1e7c514959441824b8a90170b86a8cfd4d090ab97d4db359778f6954417fb884e65f815568986b202296704c2351875ac800f6c1ced0f97996

Download Submit
\Users\Admin\AppData\Local\Temp\nso64BE.tmp\installer.exe

Filesize
39KB

MD5
775e9121a1f033c67d05a9315a8ac090

SHA1
a03232fee4d263c24f35628a44276d4f39065a98

SHA256
2f3b1a8346c88166aa3813cd68a254c201529c6a65a09494959c9e2bfa36995d

SHA512
76fabc1c05fa74eb0758091486fa77ba1adfcd204bdf9ea0f4d47f9ae4448dce61c7c77a1011136f8775bd94a3459c530c04860929a4672d363e777c253bea75

Download Submit
\Users\Admin\AppData\Local\Temp\nso64BE.tmp\nsExec.dll

Filesize
8KB

MD5
9f4abe9c1c095cdb505df5db52644d44

SHA1
94295f495f5535e0143107d3ca34141c943ec0b5

SHA256
e41bd375070919e1e194a7c1ca722a30d648a7fa7a4b5c33fb05660813c18bdf

SHA512
d1b6ab6d3e51f69e6ec79aa23629afc9ddedd8a7a668ea61b06bec115c95e2a35dca3ff9b9eb649e4bfece9a2fcd0832fed45f2308dca874f6e819708ed48169

Download Submit
memory/536-105-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/536-93-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/536-94-0x000000006E940000-0x000000006E948000-memory.dmp

Filesize
32KB

Download
memory/2728-95-0x00000000749F0000-0x0000000074F9B000-memory.dmp

Filesize
5.7MB

Download
memory/2728-11-0x00000000749F0000-0x0000000074F9B000-memory.dmp

Filesize
5.7MB

Download
memory/2728-12-0x00000000749F0000-0x0000000074F9B000-memory.dmp

Filesize
5.7MB

Download
memory/2728-20-0x00000000003B0000-0x00000000003F0000-memory.dmp

Filesize
256KB

Download
memory/2728-96-0x00000000003B0000-0x00000000003F0000-memory.dmp

Filesize
256KB

Download
memory/2728-101-0x00000000749F0000-0x0000000074F9B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-99-0x00000000749F0000-0x0000000074F9B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-100-0x00000000749F0000-0x0000000074F9B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-81-0x0000000001E80000-0x0000000001EC0000-memory.dmp

Filesize
256KB

Download
memory/2916-80-0x00000000749F0000-0x0000000074F9B000-memory.dmp

Filesize
5.7MB

Download