Overview

overview

7

Static

static

1

0f84147ad6...cb.exe

windows7-x64

7

0f84147ad6...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f84147ad6373a34a9a240e56acd80cb.exe

  • Size

    281KB

  • MD5

    0f84147ad6373a34a9a240e56acd80cb

  • SHA1

    e92214ae416d9a62c6eb2c40dd8bfc143accccfb

  • SHA256

    2404fede24d3ba8d9f62dce7e57d91f1d082ddc4044da0939970eb4bbf508a97

  • SHA512

    51ab23949584d043b08b6cebc17932c332e5e757a7fe9a2add04e040c30a9255c100ca15fe7aef4200f38071382365978dde792a97c9ebd4def399b94f9976a1

  • SSDEEP

    6144:IsaocyLCjnRlni2DQjFGwIOd7XLMcNLyKaXPK5XlMoYm:Itob0R14lbMcNLyHXPKn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f84147ad6373a34a9a240e56acd80cb.exe
    "C:\Users\Admin\AppData\Local\Temp\0f84147ad6373a34a9a240e56acd80cb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:852
    • C:\Users\Admin\AppData\Local\Temp\nsi4EBE.tmp\installer.exe
      C:\Users\Admin\AppData\Local\Temp\nsi4EBE.tmp\installer.exe 8326f16e-dd66-11e2-a752-00259033c1da.exe /t1023a7a156ce7db33cb7c8bcf7cfb5 /dT132290432S1023a7a156ce7db33cb7c8bcf7cfb5 /e9107993 /u8326f16e-dd66-11e2-a752-00259033c1da
      2⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:4948
      • C:\Users\Admin\AppData\Local\Temp\nsi4EBE.tmp\8326f16e-dd66-11e2-a752-00259033c1da.exe
        /t1023a7a156ce7db33cb7c8bcf7cfb5 /dT132290432S1023a7a156ce7db33cb7c8bcf7cfb5 /e9107993 /u8326f16e-dd66-11e2-a752-00259033c1da
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi4EBE.tmp\installer.exe
    Filesize

    207KB

    MD5

    de8e9cb3a534359f5809b9c5980ce365

    SHA1

    34def3bd6d46a97daa546671513733b9a94c1e8a

    SHA256

    653db07daeedb23437e723f00ab4f7320e5bb6e6689e38e54896ee44d84cfc71

    SHA512

    dffe030837a4babfb06419ffd893f54b9856e0f1aafb320e923a7a4aea894154207b0f2998fd0ecaaf0105c6ff1bed95d93a8ae2f531e1c8c3aca248a35b1fe2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi4EBE.tmp\nsExec.dll
    Filesize

    8KB

    MD5

    9f4abe9c1c095cdb505df5db52644d44

    SHA1

    94295f495f5535e0143107d3ca34141c943ec0b5

    SHA256

    e41bd375070919e1e194a7c1ca722a30d648a7fa7a4b5c33fb05660813c18bdf

    SHA512

    d1b6ab6d3e51f69e6ec79aa23629afc9ddedd8a7a668ea61b06bec115c95e2a35dca3ff9b9eb649e4bfece9a2fcd0832fed45f2308dca874f6e819708ed48169

    Download Submit

  • memory/852-31-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4612-22-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4612-21-0x0000000074260000-0x0000000074811000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4612-19-0x0000000074260000-0x0000000074811000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4612-20-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4612-23-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4612-25-0x0000000074260000-0x0000000074811000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4948-11-0x00007FFE1FA20000-0x00007FFE203C1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4948-9-0x00007FFE1FA20000-0x00007FFE203C1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4948-12-0x000000001B1B0000-0x000000001B1D8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4948-27-0x00007FFE1FA20000-0x00007FFE203C1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4948-10-0x0000000000B60000-0x0000000000B70000-memory.dmp

    Filesize

    64KB

    Download