Overview

overview

7

Static

static

3

2afba01b4f...ac.exe

windows7-x64

7

2afba01b4f...ac.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 15:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2afba01b4f5ca2ea33e964e65e3de5ac.exe

  • Size

    1.1MB

  • MD5

    2afba01b4f5ca2ea33e964e65e3de5ac

  • SHA1

    016ecb42bb3d0c2efb52850fabd96cc109b8ad5c

  • SHA256

    43cd1851c2ad0b49ddd0a2cdabc0daf0e50f53ce121b14e49cccd69352334f0b

  • SHA512

    8fbd639b796bf600d21898a311ffd7d5c4542dc8e5187a3df268c4ed491d5b7f36836effa14d4ffba5e16e72ccf84679cebc3894503d46d1e9a9d53fa357ee5b

  • SSDEEP

    24576:Pznh6YcQVwN1OP6qkuTkR0UojJJrNGRuJC1a:PfCN1OP6qZP9tJQa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 8 IoCs
    installer
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2afba01b4f5ca2ea33e964e65e3de5ac.exe
    "C:\Users\Admin\AppData\Local\Temp\2afba01b4f5ca2ea33e964e65e3de5ac.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2080

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
          Filesize

          1.1MB

          MD5

          2afba01b4f5ca2ea33e964e65e3de5ac

          SHA1

          016ecb42bb3d0c2efb52850fabd96cc109b8ad5c

          SHA256

          43cd1851c2ad0b49ddd0a2cdabc0daf0e50f53ce121b14e49cccd69352334f0b

          SHA512

          8fbd639b796bf600d21898a311ffd7d5c4542dc8e5187a3df268c4ed491d5b7f36836effa14d4ffba5e16e72ccf84679cebc3894503d46d1e9a9d53fa357ee5b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
          Filesize

          896KB

          MD5

          af50c9219c650e369b584a7e11e07170

          SHA1

          e48c4ee2d63c47b13ac88708d6189c882d63a9a2

          SHA256

          a1db13cd308865dff58eae427166c6b90049499875f8ce842071fa9a54e9818e

          SHA512

          f86338151e3649e7811a456a11e84871dae43d28bb5cbde0fadd2f6b4d0326d4ae1abb79d45533a2a00f58032324864eeacd273427978b18d2e2dd6201782ed2

          Download Submit

        • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
          Filesize

          704KB

          MD5

          165728ac024a614fa0815feec7d8ac90

          SHA1

          a1db8ff5087e201f30a5333d5ac6a42c2e6e2edf

          SHA256

          398dffed86d61a76033637b8481b016913ff25c201b585fe7211655ae08e94fb

          SHA512

          38262f1c860696b82f36daf93327e5bbb8709c17e7f620c4806bec626fffebaf35c2665f84f563e11fad44fd5496371442269e792e1c57cd92e86512ccca02b9

          Download Submit

        • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
          Filesize

          576KB

          MD5

          f234cc38c6b005ad56fe7e3e66979c99

          SHA1

          a090ba36a7232364e41f5b8a72fab9c896f59132

          SHA256

          904b961ec5cea32f6dd54feb6450020671342a79f4b76cde0294ea5b6208d2cd

          SHA512

          4d12ce0586e54c39ec3d90a59a2d7b2c8c22d26dd76b37928a826b8de0171e4df8dc23e5c09448f094c8ad1ed16344407e3d9734d02b825551dd60df3f490c6c

          Download Submit