37ea0f625b2e86a3107aad9bfddb78ca5256e548a68cf5b449801c3fc33a7e77

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a1690fce98ef60a3f10594eb4aa96d8.exe
Size

958KB
MD5

0a1690fce98ef60a3f10594eb4aa96d8
SHA1

184acd1cce2015a9746a3e92bce86080415475c7
SHA256

37ea0f625b2e86a3107aad9bfddb78ca5256e548a68cf5b449801c3fc33a7e77
SHA512

f365120c7c7e35ef4afd3e118ed98e274240fa54fddf886ea92bad3f5e73464c9895b25faee163efa3efb7034b41edd7614d98cc634412cb68d0abff6e238bb3
SSDEEP

24576:VsudcT9g4JTOMwufW/z7aUGX7BLw1SZ7l1ZL:6uiTSUaf7/z7kX7aA7B

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2980	0a1690fce98ef60a3f10594eb4aa96d8.exe
2980	0a1690fce98ef60a3f10594eb4aa96d8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0a1690fce98ef60a3f10594eb4aa96d8.exe
"C:\Users\Admin\AppData\Local\Temp\0a1690fce98ef60a3f10594eb4aa96d8.exe"
1⤵
- Loads dropped DLL
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsx4E30.tmp\newadvsplash.dll

Filesize
8KB

MD5
7ee14dff57fb6e6c644b318d16768f4c

SHA1
9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce

SHA256
53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7

SHA512
0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f

Download Submit