110fd76e5cb38e5b983c9d2a9941807ec45ebddff5fce188941788dc510a1d56

Analysis

max time kernel
148s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4561a160f5d7c6b29b9dfd62a0092ab1.exe
Size

4.8MB
MD5

4561a160f5d7c6b29b9dfd62a0092ab1
SHA1

1c1311f5dc9b0f9201870db44c5febda37d52491
SHA256

110fd76e5cb38e5b983c9d2a9941807ec45ebddff5fce188941788dc510a1d56
SHA512

ec2ff743f3a30f5d2b971b67a65670e51e9b50f22794806e8fe51a1e2b3d17314a0f546518211f22355f52bb015ff89dab1adb47295d17f9ae23d79d3b56c965
SSDEEP

98304:Jdms5uk6ETd18X7aERbR0e6riNA/SSSo+hCPcclUS6MwN820QnPc:zz8LdRbR0friNA/yoDcc96MwW56E

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 21 IoCs

pid	Process
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4688	5020	WerFault.exe	89

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe
5020	4561a160f5d7c6b29b9dfd62a0092ab1.exe

C:\Users\Admin\AppData\Local\Temp\4561a160f5d7c6b29b9dfd62a0092ab1.exe
"C:\Users\Admin\AppData\Local\Temp\4561a160f5d7c6b29b9dfd62a0092ab1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 2268
  2⤵
  - Program crash
  PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5020 -ip 5020
1⤵
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\Banner.dll

Filesize
4KB

MD5
aea3ac67fa68fd3f00edfbf9b43a2770

SHA1
aa59d1a4311c42b612ee66a027f224261beebbc3

SHA256
f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2

SHA512
ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\Button.dll

Filesize
7KB

MD5
92debab0caea94c3e571e892fdde60dd

SHA1
fcd1f711b3c649b5cf5cc134e19524489084e456

SHA256
508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

SHA512
2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\EmbedWeb.dll

Filesize
22KB

MD5
2312a7ac514325c2f1efc6f4cfdecd61

SHA1
7d12b05a867ec6d40f174c797dc3b691e6fa2408

SHA256
fb9cc3565cf89cf862665003b329be514e1fbcdef83a9ed994238800156de983

SHA512
187ef38f755f1e30524e3d60d1d4188160b654f2430c0246e160d9e8971d565986010a47a9ef3c8ca99eae7e0993c8be0b2cb93345cc6f30b179206f57e54b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\KPTool.dll

Filesize
18KB

MD5
ae60f7858d2318f81514e01b925f74ca

SHA1
292fe609aebc4f213c44d94a6c68dfb5a499f2ef

SHA256
9d7ffe7082c92d85522d82faa8767bc3ef744a85455c336f99b5e8e288a6cead

SHA512
9fb698c8f8154779e5957336eb57fb97c9bdf50f53245b353c21ae4a52b25b86f910fa6095e6ed74bf0812a4935df62903efe2079713e15c2168cdca6f0048be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\browse.png

Filesize
4KB

MD5
13e56cc02f51313e8be10ae3e97ed675

SHA1
590ec3870d49a52759c22c1b0135f3b1698655bb

SHA256
0c8cde40bf8e609edae2b0114346892d8b203f2dc4d394fa013d5355511ec9d9

SHA512
2babeec452804e0e59fdab904813bdc90237fabe21b1c369f542b091617806958b891dc1d16c6f002364acb121e1a81c1ce4893f9505570b629451ff0a08439c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\button.png

Filesize
5KB

MD5
c4e253b8e6201917e2bf83b2ba44a666

SHA1
5a75c83d9957f5554984dd77a4753882ba21986c

SHA256
cd79f395d069ad242a10940533be6ce11823ae3482abc920bdad81e185556ebc

SHA512
1d50165aaed97f29a1de5966c7056222bb30a1fa8c3a2a2ada3dcd4e1648ba0276bec3e464f104e078cd85cb330921ccab7280aaf397ad33923eb2c5531dff8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\check.png

Filesize
4KB

MD5
e0020cbe039f87485e129fd893657c4c

SHA1
778304a8aa502059369a601ea8ee39866b1e0a80

SHA256
5693348955b563562bc04c4c2be8539228dd9c9da075fa34fbdd735764d1aa6e

SHA512
6b87e3519d3582c861763c4f91e8154e29fcd9561a4bf00ca589635f72b8ec2cbe8ecd8031956d5f50d38d2416cd6106c038d98611ba81a0c253bba4e292db65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\close.png

Filesize
4KB

MD5
f47f242189ec33ec0524c5954b31c3ad

SHA1
6d61c8d6f6951e110956544b7821a7587627c853

SHA256
676e86a918a4de851451d236b9fd0f197ac7b00e91e5f9923eee7214f85512b7

SHA512
9044d8a00f8ddd37408c73c2dc1b531861290ed2fe490ab9bf07308cc4d9c97a069234ef72e41ecfa0aa7d81922e0fd5cd6c5e0b8e4936c93b3df4309f31f889

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\inetc.dll

Filesize
20KB

MD5
c498ae64b4971132bba676873978de1e

SHA1
92e4009cd776b6c8616d8bffade7668ef3cb3c27

SHA256
5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

SHA512
8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\nsDialogs.dll

Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6EAA.tmp\sndsock.dll

Filesize
10KB

MD5
e9a68378671dfc74e7715b47291e141a

SHA1
3178de37b31120525bff70ab620aa3473a01edf1

SHA256
630fce9497fb76e4f72e20741593fba7c30d72e8abdc085f3848d8c3ff31603e

SHA512
c17ed60f4983d853182f8be991c0f72fae03e208640442ccea0b935cd27d860a263eb962c08d05089d0c79c0556d9d266da548bf7df981483a989acc1412b24f

Download Submit
memory/5020-54-0x0000000076F10000-0x0000000076F34000-memory.dmp

Filesize
144KB

Download
memory/5020-80-0x0000000076F10000-0x0000000076F34000-memory.dmp

Filesize
144KB

Download
memory/5020-79-0x0000000076F10000-0x0000000076F34000-memory.dmp

Filesize
144KB

Download
memory/5020-52-0x0000000076F10000-0x0000000076F34000-memory.dmp

Filesize
144KB

Download
memory/5020-45-0x0000000076F10000-0x0000000076F34000-memory.dmp

Filesize
144KB

Download