e22f88d07be98c313f3413e10062af4c1c96039a23439a8699d51b55faf53c8f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29d08f057852f3090a59637172e881c9.exe
Size

1.6MB
MD5

29d08f057852f3090a59637172e881c9
SHA1

1a8d36622c3da0239b29f6da7cc7257085411fc0
SHA256

e22f88d07be98c313f3413e10062af4c1c96039a23439a8699d51b55faf53c8f
SHA512

f6eb76a7e341ed942eb13b2d6346f32b0ec04f44865317e5d0fa02720da81a9e98d0a6b91c13f6bbd9f0afd1bcb1a9e0bfa6b2f81e2de701d9cb9d7b5f8f3dd0
SSDEEP

49152:76Vlp33SHh5oCeV9A6hmlCAMQQxgv/YOoKR+:7yv3AVeVq4mlwjM/YOo8+

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
720	29d08f057852f3090a59637172e881c9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\29d08f057852f3090a59637172e881c9.exe
"C:\Users\Admin\AppData\Local\Temp\29d08f057852f3090a59637172e881c9.exe"
1⤵
- Loads dropped DLL
PID:720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi4D85.tmp\InstallOptions.dll

Filesize
14KB

MD5
eef9e469e8a30717974499f277d97e2a

SHA1
2d33c25984ebd9116beeb55cdde4c5c86c023e5d

SHA256
1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

SHA512
d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi4D85.tmp\ioSpecial.ini

Filesize
744B

MD5
579e06de30bd28f760deb3849ad1a467

SHA1
b458982fd3786b63f2be53db0e859ec910e21763

SHA256
a5052816acd303c70786c815ca0a8fd1a7b410c09104ff28a6b54b8985a6e379

SHA512
b52585c6bbf4af5e5178b583346705a8849c7366322b83a0baaac01a05a0a6ccf7738f74e13bdde2bb92b304346bd949dd855df450081a18692b80209ebf614a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi4D85.tmp\ioSpecial.ini

Filesize
757B

MD5
f3d217cb03c67c9559dcdb209459be7a

SHA1
6d38e9966276f593e2ec7185a841aacad2efbbbd

SHA256
546dad2de672e97325cc8ce65c8d5dc923daf8e451f99907a432490084a081c3

SHA512
786b21e5df447404ed4000c6dc924e899119fd75fb4538b63e8a4f4853d079b6006c436c29508309abb47a8892789ab60e33c5f31d66fe36dfff869f1db03e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi4D85.tmp\ioSpecial.ini

Filesize
784B

MD5
48c770e6094ba5ad25293951b1c32d9b

SHA1
b18f1e3690ba3112ebc7343919fa74560018c9be

SHA256
0f6af243d5fc6992cd5d544f834a6c03239ae7e584e80b6160686dbf52781af1

SHA512
7783d97f644179167e0d073d95cf6ba0254280ab548fa1cfa0bc4bfaa40d6decac33a3d80affb5d2fc42c80431e18cc95c4c858a2bf92abecb2103c163a8146c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi4D85.tmp\ioSpecial.ini

Filesize
438B

MD5
709434ea7173ae662a3bf25ba90ef42d

SHA1
7c8f7329ac407e1cb4781f8e24c09cb8d638a032

SHA256
1d18f371f1ad1800e961ca581ccd8b1d3919b38b5206e09fc5e6bbe867d96653

SHA512
6aea4ea537004e498bd3e0f79d914de5e80d25cd7be85c6e4db173826eeb4c94452ce0bd5fd5035c8fb7e5930efc9b33ee9c58040a7eacf32c615a5203e0ff05

Download Submit