52948910501f8c6a94d219d000a1499176b66880cec1dadd3d6e2b776b98ad15

Analysis

max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09067dc668f83edba5fc69accf3e720e.exe
Size

3.5MB
MD5

09067dc668f83edba5fc69accf3e720e
SHA1

45e59b90f5f6590589705b118f16ed60248ee9b1
SHA256

52948910501f8c6a94d219d000a1499176b66880cec1dadd3d6e2b776b98ad15
SHA512

26336326bca4e63ceeb5602aa739dca127712071d0289defd7aa7e1b4a9796a3aa8b591457425b7a0dbf375d37f482491d686b3b2b6bdfdc48ec40c26fc6247a
SSDEEP

49152:IV1dMQQ/6AxR5eFr3bkZI7JM9ZtvRDEOINJsCWcEcgnth96qI86PHZMaCLc0G3Dg:6da6Kyry3hNE6CWlcgj96VPHMG311I

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
632	09067dc668f83edba5fc69accf3e720e.exe
632	09067dc668f83edba5fc69accf3e720e.exe
632	09067dc668f83edba5fc69accf3e720e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
632	09067dc668f83edba5fc69accf3e720e.exe
632	09067dc668f83edba5fc69accf3e720e.exe

C:\Users\Admin\AppData\Local\Temp\09067dc668f83edba5fc69accf3e720e.exe
"C:\Users\Admin\AppData\Local\Temp\09067dc668f83edba5fc69accf3e720e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsm4A98.tmp\tools.dll

Filesize
92KB

MD5
f8c6e0f217e554ec2db9d77ceae4faf7

SHA1
2b4b32bb97ef8e784583c80f9d76f18368778f74

SHA256
58f8b0e71cd88a417f92088f0aa17f9b8074b6711d039b586a46d624e009fa66

SHA512
5d07ae983b617c17473421a69368726fe38946abffbfd99220a6e43b2672cb2a8f547e4cdd9402d15a1f59f3a56c5d91f4eea52dfbed9166e515a6d736ed9fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4A98.tmp\tools.dll

Filesize
112KB

MD5
e3a0bd464ede96cec9aea75f5182d6e7

SHA1
cb7b21dced4c778348cab22fdf1a231c7aae3f3c

SHA256
a7b30e53ca8dd462e73c7d13c21660529bae56d8e822cafb0938d9b461579282

SHA512
3c1505ea4968872bcf4fa8f47f9865f0cfa4ba9ce0cc9a63bbe871f3800d3e3ef2458b5515aebcfefd57c807178bc97327b55e9f0468200c99c69617c192bdca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4A98.tmp\tools.dll

Filesize
97KB

MD5
9a5a1cbce890c1bdb35608be9a6ffe5e

SHA1
6c09f44f97b532cb6bc336ecdcb7150af84d9bae

SHA256
bceafbfe6213c267820c4b5d1ce43fe93221ce7baeaa26bf47b20d0f361cac5a

SHA512
7b99d6e8ea3ce4c2fe1875d2022e1543cf4962d3a733ae82f37c21b61532374dc0a4431cb63358ecdac1ce03e403de0c585bf2d9618c30c853ff8ad4553e251a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4A98.tmp\tools.dll

Filesize
137KB

MD5
a2700f64a6b5e5b52df20351cb773ba8

SHA1
f5fd659e80193d88c02690ba3f2ec99d676b0f7d

SHA256
86211069d4fd92a123fd0d300652d6a30353e92283b1db6f612265c8f2a8c58c

SHA512
e496780cf857c5917939b6747a3240f6a9fa3e750756b7f988dbea23bd2b2805a1deaa940be590dc64f0bc7eda30ed0bd5c60dd8ca2cff8e6826a3b4c02ac78e

Download Submit
memory/632-30-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-31-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-23-0x00000000749B0000-0x0000000074F61000-memory.dmp

Filesize
5.7MB

Download
memory/632-24-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-26-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-29-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-19-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-25-0x00000000749B0000-0x0000000074F61000-memory.dmp

Filesize
5.7MB

Download
memory/632-32-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-34-0x00000000749B0000-0x0000000074F61000-memory.dmp

Filesize
5.7MB

Download
memory/632-33-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-35-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-36-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-37-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-38-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download
memory/632-39-0x00000000033E0000-0x00000000033F0000-memory.dmp

Filesize
64KB

Download