Analysis

  • max time kernel
    142s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 02:57

General

  • Target

    4e4c6330a94c36031e42bd8b4376838a.exe

  • Size

    471KB

  • MD5

    4e4c6330a94c36031e42bd8b4376838a

  • SHA1

    f8965f021830460cead11380190855e350ee5203

  • SHA256

    55a66feced4d3d8e946886a03ba5d9b97f8fe37ebaa274c56fdecfd18d699d6f

  • SHA512

    2d17b83eb5131a2488994b9bf1526e02751f27d5fca69f284ed9f58fc154d65a5f9c7e2c01133e426ffd4e8e03320f8e40f3b8a355014062fdf72ba2599cf13c

  • SSDEEP

    12288:LaiZgIGkSvdAhXnF+IrdD4RGatHg3Vs3qZhtSkGeUkIBWFM1UKvt:LaiWIXMdAtgC5kg3VsuhtnbIrl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (4 IoCs)
  • Loads dropped DLL (5 IoCs)
  • Drops file in Program Files directory (14 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer (12 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Windows\svchost.exe
    "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe
      "C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
        "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: GetForegroundWindowSpam
        PID:2660
  • C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe
    "C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1756
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:2708
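
The tree above is the pattern worth detecting: a binary named svchost.exe dropped into C:\Windows (not System32) and launched with the original sample's path as its argument, which re-runs the sample, which in turn runs the NSIS uninstaller self-copy ~nsu.tmp\Au_.exe with NSIS's usual `_?=` install-directory argument. The following is an added example, not code from the report or from the sandbox, that runs three checks over process-creation events: svchost.exe outside System32/SysWOW64, svchost.exe whose parent is not services.exe, and any executable run from an NSIS scratch directory under Temp. The events are constructed from the report's process list; the parent PIDs and the two legitimate services.exe/svchost.exe rows are assumptions added so the parent check has a baseline to compare against.

```python
import re
from pathlib import PureWindowsPath

# Directories a genuine svchost.exe is loaded from on a default Windows install.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# NSIS scratch directories under %TEMP%: ~nsu.tmp holds the uninstaller's self-copy
# (Au_.exe, run with _?=<install dir>), ns<hex>.tmp is $PLUGINSDIR for plugin DLLs
# such as UserInfo.dll.
NSIS_TEMP_DIR = re.compile(r"\\temp\\(~nsu|ns[0-9a-f]{1,5})\.tmp\\", re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe"

# Constructed process-creation events modelled on the report's process tree. Image
# paths, PIDs and command lines are the report's; the parent PIDs and the two
# legitimate services.exe/svchost.exe rows (480, 624) are assumptions.
EVENTS = [
    {"pid": 480, "ppid": 392, "image": r"C:\Windows\System32\services.exe", "cmdline": ""},
    {"pid": 624, "ppid": 480, "image": r"C:\Windows\System32\svchost.exe", "cmdline": ""},
    {"pid": 1756, "ppid": 1000, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 2160, "ppid": 1756, "image": r"C:\Windows\svchost.exe",
     "cmdline": f'"C:\\Windows\\svchost.exe" "{SAMPLE}"'},
    {"pid": 2696, "ppid": 2160, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 2660, "ppid": 2696, "image": r"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp' + "\\"},
    {"pid": 2708, "ppid": 1756, "image": r"C:\Windows\svchost.exe", "cmdline": r"C:\Windows\svchost.exe"},
]


def analyse(events):
    """Run the three checks over process-creation events; one (pid, reason) per hit."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        path = PureWindowsPath(e["image"])
        name = path.name.lower()
        directory = str(path.parent).lower()
        if name == "svchost.exe":
            # Rule 1: masquerading by name in a directory the real binary never lives in.
            if directory not in LEGIT_SVCHOST_DIRS:
                findings.append((e["pid"], f"svchost.exe outside System32/SysWOW64: {e['image']}"))
            # Rule 2: the real svchost.exe is normally started by services.exe (the SCM).
            parent = by_pid.get(e["ppid"])
            parent_name = PureWindowsPath(parent["image"]).name.lower() if parent else None
            if parent_name != "services.exe":
                findings.append((e["pid"], f"svchost.exe not started by services.exe (parent: {parent_name or e['ppid']})"))
        # Rule 3: context signal only - execution from an NSIS scratch directory.
        if NSIS_TEMP_DIR.search(e["image"]):
            findings.append((e["pid"], f"executable run from NSIS temp directory: {e['image']}"))
    return findings


def flagged_pids(events):
    """Set of PIDs with at least one finding."""
    return {pid for pid, _ in analyse(events)}


if __name__ == "__main__":
    for pid, reason in analyse(EVENTS):
        print(f"PID {pid}: {reason}")
```

Rule 3 is context rather than an alert on its own: plenty of legitimate installers pass through ~nsu.tmp and ns*.tmp, and it matters here only because it is chained to the masquerading svchost.exe. Note that the report lists 2160 and 2708 as separate tree roots, so in real telemetry the parent linkage that rule 2 relies on may be the first thing to recover.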

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe

    Filesize

    156KB

    MD5

    675d64b4f90797a33b7be8381d446839

    SHA1

    6b8114cabc593e140d74f2c330b218e069492eb3

    SHA256

    54f9cb9870da4221bbf963d90d1e0426f29f4035ee208c8762c63380f4f0a40a

    SHA512

    c83a978bc2ad8f77fe5cea58b7cdd8a9366bdb81f7fc29a06d9b52f672c6c32787e0df973d8542df528e2a3e4b9befda197b08b58c02e5e558c1151296f4e6a1

  • C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe

    Filesize

    92KB

    MD5

    95d914e27b411141c83d15a8a09f2b41

    SHA1

    f2ef2e5849d0e3b77a2c8f13dd2717608f1cf62d

    SHA256

    95596e27f24a80586b63a74a8e443020abfba0c0802cd01b5f9a0e2c958ffc2c

    SHA512

    9adcac0cf9ae4ccc250cfa99f718d5299c6ffe05c574ce21e83b87786a0aad710a40cef4df33ff31c78f0aa958fdafe8a662991789af94f833b0c1873fdf7646

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

    Filesize

    26KB

    MD5

    bba3ef7908035e5a073cd0e058009cc1

    SHA1

    5aba60651fcc2f359b7e41789234c448340455c6

    SHA256

    a4633dd1c7196c80a085ccfb55bf3a33c7a76671f70574902b4078644ef08a97

    SHA512

    4a1c7ddd943aad81598bf4dada135efcdf152313397a9b7a8204e9f0fd66969ac8328c04890a647b20eb376c4a19b56cad709fb87835f2b1fbc2613cdff49453

  • C:\Windows\svchost.exe

    Filesize

    35KB

    MD5

    9e3c13b6556d5636b745d3e466d47467

    SHA1

    2ac1c19e268c49bc508f83fe3d20f495deb3e538

    SHA256

    20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8

    SHA512

    5a07ba8a7fcb15f64b129fada2621252b8bc37eb34d4f614c075c064f8ac0d367301eba0c32c5e28b8aa633f6ab604f0dfcc363b34734ce0207ef0d4e8817c4b

  • \Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe

    Filesize

    397KB

    MD5

    50133825879175605c0038e22f62bd83

    SHA1

    1fcb09a67c8cc36308944dde90942cfd2df36e18

    SHA256

    a258035f67a6e2990e8c7cfe5ab88f65e2dc47e3516c24830a9e7189b7cb91d0

    SHA512

    7735a0906f1b9067b4e081f3e00c9150dc489d9729085832a928412af5f50a5cf10a7872bdc82f0e7deaa1b748f7a7656ae6fdc580974ed82a1ccdfa74390f73

  • \Users\Admin\AppData\Local\Temp\nsd6124.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

    Filesize

    64KB

    MD5

    420e37b577a4dd66d48f46f02b9f8455

    SHA1

    cb17cc3f26b264ee16f791e2c51b09d1fbee63d1

    SHA256

    0141acb4b7fd70eb364c89518e3babe747f9d0d09e692547daf9289bd93ec333

    SHA512

    ef3b0bc2fd7606e686dace14cd7af9d055956d06edfd3081477ca3a4e257cd0ae695f1b66ec0d1b3a8bc6efb2da587c666c9b993a4b09cd14bd49064992aeed6

  • memory/1756-5-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/2160-15-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2708-121-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2708-129-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB
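
The file hashes above are the artefacts to sweep other hosts for. Below is an added example, not part of the report or of the sandbox's tooling, that loads the report's MD5/SHA1/SHA256 values into one index, streams a file through all four digests in a single pass, and reports a hit whichever algorithm matches. Because the same Temp path appears three times with different hashes (the sandbox captured three distinct files written there during the run), matching is by digest rather than by path. `scan_paths` is a hypothetical helper name, and the byte strings in the checks are constructed.

```python
import hashlib
import io
from pathlib import Path

# Hashes copied from the report: (path, md5, sha1, sha256). The first row is the
# submitted sample (471KB); paths are given as the report lists them.
REPORT_IOCS = [
    ("4e4c6330a94c36031e42bd8b4376838a.exe",
     "4e4c6330a94c36031e42bd8b4376838a", "f8965f021830460cead11380190855e350ee5203",
     "55a66feced4d3d8e946886a03ba5d9b97f8fe37ebaa274c56fdecfd18d699d6f"),
    (r"C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe",  # 156KB
     "675d64b4f90797a33b7be8381d446839", "6b8114cabc593e140d74f2c330b218e069492eb3",
     "54f9cb9870da4221bbf963d90d1e0426f29f4035ee208c8762c63380f4f0a40a"),
    (r"C:\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe",  # 92KB
     "95d914e27b411141c83d15a8a09f2b41", "f2ef2e5849d0e3b77a2c8f13dd2717608f1cf62d",
     "95596e27f24a80586b63a74a8e443020abfba0c0802cd01b5f9a0e2c958ffc2c"),
    (r"\Users\Admin\AppData\Local\Temp\4e4c6330a94c36031e42bd8b4376838a.exe",  # 397KB
     "50133825879175605c0038e22f62bd83", "1fcb09a67c8cc36308944dde90942cfd2df36e18",
     "a258035f67a6e2990e8c7cfe5ab88f65e2dc47e3516c24830a9e7189b7cb91d0"),
    (r"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe",  # 26KB
     "bba3ef7908035e5a073cd0e058009cc1", "5aba60651fcc2f359b7e41789234c448340455c6",
     "a4633dd1c7196c80a085ccfb55bf3a33c7a76671f70574902b4078644ef08a97"),
    (r"\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe",  # 64KB
     "420e37b577a4dd66d48f46f02b9f8455", "cb17cc3f26b264ee16f791e2c51b09d1fbee63d1",
     "0141acb4b7fd70eb364c89518e3babe747f9d0d09e692547daf9289bd93ec333"),
    (r"C:\Windows\svchost.exe",  # 35KB
     "9e3c13b6556d5636b745d3e466d47467", "2ac1c19e268c49bc508f83fe3d20f495deb3e538",
     "20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8"),
    (r"\Users\Admin\AppData\Local\Temp\nsd6124.tmp\UserInfo.dll",  # 4KB
     "7579ade7ae1747a31960a228ce02e666", "8ec8571a296737e819dcf86353a43fcf8ec63351",
     "564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5"),
]

# Index every digest so a hit is found whichever algorithm the analyst has to hand.
DIGEST_INDEX = {digest.lower(): entry for entry in REPORT_IOCS for digest in entry[1:]}


def lookup(digest):
    """Return the report row matching a hex MD5/SHA1/SHA256, or None."""
    return DIGEST_INDEX.get(digest.strip().lower())


def digest_stream(fileobj, chunk_size=1 << 20):
    """Read a file object once, feeding each chunk to all four algorithms."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def match_digests(digests):
    """Return the report row a digest set hits (strongest algorithm first), or None."""
    for algo in ("sha256", "sha1", "md5"):
        row = lookup(digests[algo])
        if row is not None:
            return row
    return None


def scan_paths(paths):
    """Hypothetical helper: hash each regular file, collect (found path, report path, sha256)."""
    hits = []
    for p in map(Path, paths):
        try:
            if not p.is_file():
                continue
            with p.open("rb") as f:
                digests = digest_stream(f)
        except OSError:
            continue  # unreadable or vanished between listing and open
        row = match_digests(digests)
        if row is not None:
            hits.append((str(p), row[0], digests["sha256"]))
    return hits


if __name__ == "__main__":
    import sys
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.cwd()
    for found, reported, sha256 in scan_paths(root.rglob("*")):
        print(f"{found}  matches report entry {reported}  sha256={sha256}")
```

Run it with a directory argument to sweep that tree; SHA512 is computed alongside the indexed digests so a hit can be checked by hand against the report's SHA512 column. Hash matching only finds byte-identical copies, so treat the path-based signals in the process tree (svchost.exe under C:\Windows, the ~nsu.tmp stub) as the complementary check for recompiled or repacked variants.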