e2ce136b057db82b5967bc923c861b0a40d6935fe5d7b74cd3cb1db94a0072d7

Analysis

max time kernel
147s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

148790c33dad176e7430e5a22dbc2b96.exe
Size

83KB
MD5

148790c33dad176e7430e5a22dbc2b96
SHA1

54d3cf0a10873f4b2116ba079bdabc9ddeaa1276
SHA256

e2ce136b057db82b5967bc923c861b0a40d6935fe5d7b74cd3cb1db94a0072d7
SHA512

5b9e1cd9b9bfc4565c093987b4b1908317649ff8987432817f6fb9377817f0ac4fa441345f57ebb265f9ca17c13b8b90193bf81c6b0033dc475b562c3c322ff3
SSDEEP

1536:xpgpHzb9dZVX9fHMvG0D3XJkQJwCOwVpLFBrnsV/9CswxQ93:rgXdZt9P6D3XJVrpm/9p93

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
764	Au_.exe

Loads dropped DLL 1 IoCs

pid	Process
764	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0008000000023208-4.dat	nsis_installer_1
behavioral2/files/0x0008000000023208-4.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 764	1156	148790c33dad176e7430e5a22dbc2b96.exe	91
PID 1156 wrote to memory of 764	1156	148790c33dad176e7430e5a22dbc2b96.exe	91
PID 1156 wrote to memory of 764	1156	148790c33dad176e7430e5a22dbc2b96.exe	91

C:\Users\Admin\AppData\Local\Temp\148790c33dad176e7430e5a22dbc2b96.exe
"C:\Users\Admin\AppData\Local\Temp\148790c33dad176e7430e5a22dbc2b96.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsz448C.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz448C.tmp\ioSpecial.ini

Filesize
643B

MD5
8789416682588ec522300b4a2ff314e4

SHA1
e9f9eeebe3235f26e8d35cb7929674a1fcf5c844

SHA256
1f12c13a65139fef89889756d68608bb065ac22b32e87197db5f3773f02f0d5b

SHA512
9832045ffc7196811f7c6cf3c784d55c40fae85e87b17977bfd53fc7c1b95324b1ab3b0b01491f04b241d5f3951e3e64b4a20f32743df641107b713bd27f108f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
83KB

MD5
148790c33dad176e7430e5a22dbc2b96

SHA1
54d3cf0a10873f4b2116ba079bdabc9ddeaa1276

SHA256
e2ce136b057db82b5967bc923c861b0a40d6935fe5d7b74cd3cb1db94a0072d7

SHA512
5b9e1cd9b9bfc4565c093987b4b1908317649ff8987432817f6fb9377817f0ac4fa441345f57ebb265f9ca17c13b8b90193bf81c6b0033dc475b562c3c322ff3

Download Submit