dbefacd2cc609447edb1bef2cdb57d59b31ef2e36d0bdc1a87ca23bb48925247

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50a012bcada57f7d29062dd7d6971145.exe
Size

39KB
MD5

50a012bcada57f7d29062dd7d6971145
SHA1

9b10ee1d3db1ea121a6723c5c4611bb7945795d6
SHA256

dbefacd2cc609447edb1bef2cdb57d59b31ef2e36d0bdc1a87ca23bb48925247
SHA512

38bd0f624d2f1f4bf15cc5032e0c686e2611ef3f9e14104f9b8a73bd9d66e55eb6a6bf4e4e2c7ce3f24720b964416d255a0678cafafd138e6d28986f591bc365
SSDEEP

768:dnCHBjSfD0RDSjiN+WWrHcRtf55M4z54q+F5871mJMSJRnJnMQfNRI:8HFSfARDSW0HefHbmJHzI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2736	Au_.exe

Loads dropped DLL 6 IoCs

pid	Process
2444	50a012bcada57f7d29062dd7d6971145.exe
2444	50a012bcada57f7d29062dd7d6971145.exe
2736	Au_.exe
2736	Au_.exe
2736	Au_.exe
2736	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2736	2444	50a012bcada57f7d29062dd7d6971145.exe	28
PID 2444 wrote to memory of 2736	2444	50a012bcada57f7d29062dd7d6971145.exe	28
PID 2444 wrote to memory of 2736	2444	50a012bcada57f7d29062dd7d6971145.exe	28
PID 2444 wrote to memory of 2736	2444	50a012bcada57f7d29062dd7d6971145.exe	28
PID 2444 wrote to memory of 2736	2444	50a012bcada57f7d29062dd7d6971145.exe	28
PID 2444 wrote to memory of 2736	2444	50a012bcada57f7d29062dd7d6971145.exe	28
PID 2444 wrote to memory of 2736	2444	50a012bcada57f7d29062dd7d6971145.exe	28

C:\Users\Admin\AppData\Local\Temp\50a012bcada57f7d29062dd7d6971145.exe
"C:\Users\Admin\AppData\Local\Temp\50a012bcada57f7d29062dd7d6971145.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nst7E75.tmp\NSISdl.dll

Filesize
14KB

MD5
3f392a5d18b52cfa56536deb80fe3f13

SHA1
29b578d0fb9e0a44a34d4bc00c465f6b6b6dd29d

SHA256
5d5fe2ba855c78f54c5c3ca1a88247a89eb5c480d757decc1bcdcb92f830040b

SHA512
dfec9e8dcf9bc139586afd6811ca297a20a0d9d6ccd24058245acf3cf84aa6371c9b4b8c81c3e67af4ad4d2625b195ee3d1e2e869f3413f14bf47ad23f310c34

Download Submit
\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
39KB

MD5
50a012bcada57f7d29062dd7d6971145

SHA1
9b10ee1d3db1ea121a6723c5c4611bb7945795d6

SHA256
dbefacd2cc609447edb1bef2cdb57d59b31ef2e36d0bdc1a87ca23bb48925247

SHA512
38bd0f624d2f1f4bf15cc5032e0c686e2611ef3f9e14104f9b8a73bd9d66e55eb6a6bf4e4e2c7ce3f24720b964416d255a0678cafafd138e6d28986f591bc365

Download Submit