1387a359148d371abc9a001dc292911f8520d48236bc8758d01461cb607562d7

Analysis

max time kernel
135s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aa094ac987e910da9b1d27bcbd9bbb1.exe
Size

1.7MB
MD5

2aa094ac987e910da9b1d27bcbd9bbb1
SHA1

0f82609951659a92598b8a67fd966f40abb0670d
SHA256

1387a359148d371abc9a001dc292911f8520d48236bc8758d01461cb607562d7
SHA512

24180da41d170021a1ea8d56db8617f76d65898accc16d7ead54b69f16fea76568a6f8c97cadab047313967b96f51d514d2b09315addc0f93f3838b984e8550d
SSDEEP

49152:WJc0pmVTgHdUx7MO5Gt+StYO9PV8sIbXqs7B2csU2:a84dsoYGt+n68Jb/92b

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4960	2aa094ac987e910da9b1d27bcbd9bbb1.exe
4960	2aa094ac987e910da9b1d27bcbd9bbb1.exe
4960	2aa094ac987e910da9b1d27bcbd9bbb1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4960	2aa094ac987e910da9b1d27bcbd9bbb1.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4960	2aa094ac987e910da9b1d27bcbd9bbb1.exe

C:\Users\Admin\AppData\Local\Temp\2aa094ac987e910da9b1d27bcbd9bbb1.exe
"C:\Users\Admin\AppData\Local\Temp\2aa094ac987e910da9b1d27bcbd9bbb1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\BDMSkin.dll

Filesize
990KB

MD5
7daedb85db9bbf2767541dc9bc8c8b1a

SHA1
0809c87d507e641df5ce6a2f3eacea5e05697d2a

SHA256
f20e151a9dce1d16b7f40ccdba19adef2b952eee800e19220f24182de7c9464e

SHA512
1da46a14cf32f4c5d969e3435655137013de8f3085e86fe8175025d9eeed6245d4e623bbb267b5c66ada87a1505a6990cb661c6fe5087fd82ce3c4b00e155d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\BDMSkin.dll

Filesize
917KB

MD5
cd5d13a827249d24be34a02483c4dd6a

SHA1
5bd9e694ca499fa70b9fbb8e2fb33790e48c9d5a

SHA256
cad4799e9f4ff5046c48843e8184223f8152fc7e1ea463fa091a97fe35ea3444

SHA512
96a9765dacbb15336e29a7f6df26dd83d0fa9c226f21a770416d6430bccf04e83330a1ae3a1459e78e65e8eeb3d7bb7bbab222de842e1766114f1b95eb2bffdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\BDMSkin.dll

Filesize
1.3MB

MD5
b540a866191f7fd20f5e6355bc2b094e

SHA1
df01a0c011e88a1f860db41d474d3fe893f06082

SHA256
ce3044e92a827fce76a75dbd817545506dcab76a5f4edac3c9cf37236a1eecb6

SHA512
e65aa73a9e8118176f294edeb7a9dc3a71319b218a45de6073622b868bee2fab9d7b6f76577f846cc940b4b949ee0110fbb449df3d77c922464cf6ded1408331

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\tmplyvfhn.dll

Filesize
652KB

MD5
49fb988541b434a2962af3e21c3cdabc

SHA1
4d19bb3dbc372ba9ea1130335fee829d9c575e7a

SHA256
37ea00cb1e28ed1efbaf24dc99255b8ed82a8a12e1b1b08092baec0ccc5ab541

SHA512
2e12538ec1add404d6ee7f43c8eff04cdc53221f775fa7a1d78c93ce79697acc42b903793728142d9dc193da8e6cb10d986df824e3943089a88321ebdcd01232

Download Submit
memory/4960-13-0x0000000003140000-0x0000000003283000-memory.dmp

Filesize
1.3MB

Download