4d760badc219b8c67454b263ed854f39a63aa71dfe5da4175fe7b0274489830b

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11fbfa165a01e060772a4bcee09e70c8.exe
Size

142KB
MD5

11fbfa165a01e060772a4bcee09e70c8
SHA1

5a60d24ceab43034d21ad777738341a75143c6e3
SHA256

4d760badc219b8c67454b263ed854f39a63aa71dfe5da4175fe7b0274489830b
SHA512

cc9eeec6ed2842c127e1cc2fc96ae121ff387ad096d2437a0b6e1d98a4ae1726070e23a2b62381fc601730852ace8c0cfdba3fef27e53fbd17caa447c0d36a05
SSDEEP

3072:anOn7t7XpdpCCTg/sxFgJKeqgKJ+BCxCYf7e6LtpGixFJrytCzKBg1RL0Dij:aKpdcCrTdgKw6JLLfPFytCzd7WQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3384	downloadmr.exe

Loads dropped DLL 2 IoCs

pid	Process
1640	11fbfa165a01e060772a4bcee09e70c8.exe
1640	11fbfa165a01e060772a4bcee09e70c8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3384	downloadmr.exe
3384	downloadmr.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 3384	1640	11fbfa165a01e060772a4bcee09e70c8.exe	20
PID 1640 wrote to memory of 3384	1640	11fbfa165a01e060772a4bcee09e70c8.exe	20
PID 1640 wrote to memory of 3384	1640	11fbfa165a01e060772a4bcee09e70c8.exe	20

C:\Users\Admin\AppData\Local\Temp\11fbfa165a01e060772a4bcee09e70c8.exe
"C:\Users\Admin\AppData\Local\Temp\11fbfa165a01e060772a4bcee09e70c8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\nsq4894.tmp\downloadmr.exe
  C:\Users\Admin\AppData\Local\Temp\nsq4894.tmp\downloadmr.exe /u4d4881ec-1a64-40da-b78d-79555bc06ebe /e7401
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsq4894.tmp\System.dll

Filesize
10KB

MD5
b1c2dee4f655eba39a769e25e1eaea0f

SHA1
0d3db21a76b3cecac124f0eb3810066c285262b5

SHA256
40df847128bc63afd4e6095c4def8aa193595cd51ed15d0ee88b83cd6312c069

SHA512
4cbd8dba9572a41e3dce21bb7db5b86777bce2477cc664408441b961b65984442ad04d7e3152514441972212a9d2c184d6a6417b8f1d45b35b89e02afe49986e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4894.tmp\System.dll

Filesize
21KB

MD5
5ebc73650256e9c8ddbcda231db829a1

SHA1
988d4535e18754ab2a6248abae96c5697d7dbcd5

SHA256
1eaa543842df7795404184e8892a1654b0773dbc9bd8b54c7fdb9e68f4355493

SHA512
b21266e76fc7263af982a1336a766e47ccf348ed56b305dbb09f03574c9b2a7309f12200e80d86f9a251381be6e87a41206447f11c51899cb31fba10da1d5270

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4894.tmp\downloadmr.exe

Filesize
62KB

MD5
e85679359a2a75c3508178bf223b867f

SHA1
57b7848a373382eea754401040755ab1ce7371bc

SHA256
8a06d48f04887602e2b14571b1d98d47a8e875fe9a0ba197fd49f6f7e4b78a91

SHA512
7e4d8956afcd93f7f0c13d40b5a56f9dcf1ed8622ee7c0bddd4b09fb1a041380161d97f50d7fb51b114a1026e09d0ee15a0bd90e3564cc88971a19a688e8ac98

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4894.tmp\downloadmr.exe

Filesize
83KB

MD5
a465a8936f37564306deac27f5c5221d

SHA1
35ed012635dd528962cc4016bb6dd07f3fcaae4a

SHA256
390ca970155edf280d92aa887018399aa2be38a65634e3eedea8052901fa65ba

SHA512
95487e9fd08b53f9480b96dbaf1b4fdeca52cf9caa2961e4bafeefc2d70c7e1d775f043f55eb249ecd12c3fca7968830ba5ca195a080cfd0f2bc05f9d17ae48c

Download Submit
memory/1640-24-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3384-13-0x0000000074230000-0x00000000747E1000-memory.dmp

Filesize
5.7MB

Download
memory/3384-14-0x0000000001770000-0x0000000001780000-memory.dmp

Filesize
64KB

Download
memory/3384-15-0x0000000074230000-0x00000000747E1000-memory.dmp

Filesize
5.7MB

Download
memory/3384-17-0x0000000001770000-0x0000000001780000-memory.dmp

Filesize
64KB

Download
memory/3384-16-0x0000000001770000-0x0000000001780000-memory.dmp

Filesize
64KB

Download
memory/3384-18-0x0000000001770000-0x0000000001780000-memory.dmp

Filesize
64KB

Download
memory/3384-20-0x0000000074230000-0x00000000747E1000-memory.dmp

Filesize
5.7MB

Download