Overview

overview

7

Static

static

1

3a68ff7e72...87.exe

windows7-x64

7

3a68ff7e72...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a68ff7e7252345a19c4abae5f4dc887.exe

  • Size

    428KB

  • MD5

    3a68ff7e7252345a19c4abae5f4dc887

  • SHA1

    3007cde9212ee10b3c52418ed83a7883edebf419

  • SHA256

    126f37e4cc98c42146e8fdcf81976708f8af9e4e9a27dd916568702918262e53

  • SHA512

    93334255f261af381eaeb5d336efe978201a99a78fb4e0207ea0741bbe7dc1c99a3cba1ffd04d84d74be0db0d6b4ab13470d39f73d9eefa886b10a06951d2558

  • SSDEEP

    12288:WtobMlBQ3TYGpCYrotyZ3uUUEna8cbMVpM+QAun8:Wtnl2U2CYrotG37zaFkpqE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a68ff7e7252345a19c4abae5f4dc887.exe
    "C:\Users\Admin\AppData\Local\Temp\3a68ff7e7252345a19c4abae5f4dc887.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\installer.exe
      C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\installer.exe north.exe /dT132771637S /e6150574 /u50ae11c5-fa08-4f10-be2a-04b05bc06f2f
      2⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Drops file in Windows directory
      PID:4172
  • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\north.exe
    "C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\north.exe" /dT132771637S /e6150574 /u50ae11c5-fa08-4f10-be2a-04b05bc06f2f
    1⤵
      PID:3948

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\installer.exe
      Filesize

      175KB

      MD5

      c56f474df7c7234370c88cef5e334752

      SHA1

      ff7e59e76a0bbdef4243232786c0d86e9fbb22dd

      SHA256

      2e2e482bbf7a109f2d7cc37a9657715ef133900c4af3b6e90da2842ad12d869d

      SHA512

      79a56ef595b37009382e83fdb512ee9f57e13384060238d809f7d9564f85a2a3d5fd05d75a8de6c3851fe7ba80b7bd5936af4a345bc278cd42fa959f4ed52d6f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\north.exe
      Filesize

      92KB

      MD5

      1d484450fe78f3787c075d8d7f91c2e9

      SHA1

      00de31d380fe25093dc8dcb858c833081da7f730

      SHA256

      02c51357e84b2b25e22e70b3face957850ebcf0e95fab64ea74452e53347e2a6

      SHA512

      1b90f99b27708bb72c61128c83f41b0cc360f7eed58452f9263feff88561a373f46bca905375c8a9b0433fcb60bdfc1d342266c67d5ba8258b86269ab1074b2e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\nsExec.dll
      Filesize

      8KB

      MD5

      249ae678f0dac4c625c6de6aca53823a

      SHA1

      6ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201

      SHA256

      7298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce

      SHA512

      66e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7

      Download Submit

    • memory/3516-34-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3516-35-0x000000006E940000-0x000000006E948000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3516-43-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3948-31-0x0000000000840000-0x0000000000850000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3948-28-0x0000000000840000-0x0000000000850000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3948-29-0x0000000073ED0000-0x0000000074481000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3948-27-0x0000000073ED0000-0x0000000074481000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3948-37-0x0000000073ED0000-0x0000000074481000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3948-30-0x0000000000840000-0x0000000000850000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4172-9-0x00007FFA64350000-0x00007FFA64CF1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4172-32-0x0000000000F00000-0x0000000000F10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4172-33-0x00007FFA64350000-0x00007FFA64CF1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4172-15-0x0000000000F00000-0x0000000000F10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4172-12-0x000000001B5B0000-0x000000001B5D8000-memory.dmp

      Filesize

      160KB

      Download

    • memory/4172-11-0x00007FFA64350000-0x00007FFA64CF1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4172-39-0x00007FFA64350000-0x00007FFA64CF1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4172-10-0x0000000000F00000-0x0000000000F10000-memory.dmp

      Filesize

      64KB

      Download