3c72e43332b0c1005d6ec7219047c1f4064ade26a34e1934224dea1bb4a18d0d

Analysis

max time kernel
7s
max time network
134s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:58

Target

043ebb7f756ff94df92acfe375028489.exe
Size

1.1MB
MD5

043ebb7f756ff94df92acfe375028489
SHA1

0804dfa957ca99a453c61d3882a0c61c0ae4f804
SHA256

3c72e43332b0c1005d6ec7219047c1f4064ade26a34e1934224dea1bb4a18d0d
SHA512

57f7cb7ee980a45f8fe441620c749e1550a5c429827b9e8cb4b5ec66d6aae528bcd185ad336f4fb31e8ab3973e7eceed221baeee360f42017be5b63c310cb9f1
SSDEEP

6144:xe348k201q1zQbe9DP3lpr4jAxLY6zEVagKS:E3zQcbRx9AVPv

Score

7^/10

Loads dropped DLL 5 IoCs

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\043ebb7f756ff94df92acfe375028489.exe
"C:\Users\Admin\AppData\Local\Temp\043ebb7f756ff94df92acfe375028489.exe"
1⤵
- Loads dropped DLL
PID:2396

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsi455.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
memory/2396-20-0x00000000027B0000-0x00000000027C2000-memory.dmp

Filesize
72KB

Download
memory/2396-68-0x00000000027B0000-0x00000000027C2000-memory.dmp

Filesize
72KB

Download