f85de77398b0a0e1aecb95b243ee1fea8a95a0e2dcffea5ce1e96564f56e734a

Analysis

max time kernel
224s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d717a02e843ccc2a425c0fbe356daf8.exe
Size

322KB
MD5

1d717a02e843ccc2a425c0fbe356daf8
SHA1

93d625bd40e9b3b1e1c0c7a7cbc41e58d84bf6b3
SHA256

f85de77398b0a0e1aecb95b243ee1fea8a95a0e2dcffea5ce1e96564f56e734a
SHA512

8865e812d288cafca15edc1eb1a8df76039e43f54a343ebb717e67ba5435a06aba6abfbf330b76468ef8fd681e9f6e4a83c129306a75ccd8ba894937747b7fa6
SSDEEP

6144:GsqwIsNU1nQ34ZX/RiWar4/YxfhzK66FNqu7nlhpIF78ovpA:0wI2ynQ3c0Nr4QphZsz7nHpIFQkpA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
852	1d717a02e843ccc2a425c0fbe356daf8.exe
852	1d717a02e843ccc2a425c0fbe356daf8.exe
852	1d717a02e843ccc2a425c0fbe356daf8.exe
852	1d717a02e843ccc2a425c0fbe356daf8.exe
852	1d717a02e843ccc2a425c0fbe356daf8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
852	1d717a02e843ccc2a425c0fbe356daf8.exe

C:\Users\Admin\AppData\Local\Temp\1d717a02e843ccc2a425c0fbe356daf8.exe
"C:\Users\Admin\AppData\Local\Temp\1d717a02e843ccc2a425c0fbe356daf8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nseDD8.tmp\ioSpecial.ini

Filesize
1KB

MD5
698d8d1c7bd5e6b22cfad88425d205c9

SHA1
77e2e4905fcc5134d3526ee82050efd025fdd16f

SHA256
b21c089fb0e65998703b0c328986491bc94d1af8e430e9f486b52c396f00e04c

SHA512
c31dac01734be59242e6f08c542b515208e84ca1c29a7ed5801a85fa172c4bed9fd243f436e4d22e0cafa2810678344f849e5f7024ea61299a12371ed45691d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseDD8.tmp\ioSpecial.ini

Filesize
1KB

MD5
44fa7df868157adf89e8b467e7a3819f

SHA1
e1f5a820b2a0757749da977fa82ac164f1085ea5

SHA256
bc24ad06179d327c035f851895844ddf974814ec8b0b135c39ec63839fda784e

SHA512
e297c1229d1bcc3d646f052725cd26d56056031b056a65ebd302b2efd1b34e05b1a1a81882e41173639a41fe1623b0a2b719c15899823f4c3af57615b469b202

Download Submit
\Users\Admin\AppData\Local\Temp\nseDD8.tmp\AdvSplash.dll

Filesize
6KB

MD5
a1bba35c752b36f575350cb7ddf238e4

SHA1
9603b691ae71d4fbc7a14dbb837bd97cecac8aab

SHA256
0667863d71a3021ab844069b6dd0485f874bf638af478ab11c6fb8b7d6c834b6

SHA512
eb5d3498dd994bec42a437cf91343665d3c35bfe3f6277a7393af6a0b8348772c3166d9be48955edddf6ef79fa508ec8d4f96d7d5df37ecdc52c90042e0a2967

Download Submit
\Users\Admin\AppData\Local\Temp\nseDD8.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
\Users\Admin\AppData\Local\Temp\nseDD8.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nseDD8.tmp\UAC.dll

Filesize
17KB

MD5
88ad3fd90fc52ac3ee0441a38400a384

SHA1
08bc9e1f5951b54126b5c3c769e3eaed42f3d10b

SHA256
e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42

SHA512
359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb

Download Submit