11346f56a49b9d6d50296c5e992be30aaf532f61bc03118bb73168ac77bed5c4

Analysis

max time kernel
117s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58caad11529b800cdc7cca6941a7cb35.exe
Size

1.9MB
MD5

58caad11529b800cdc7cca6941a7cb35
SHA1

b6c99c4fe0831a178d34c926cfec8c79b1e5b003
SHA256

11346f56a49b9d6d50296c5e992be30aaf532f61bc03118bb73168ac77bed5c4
SHA512

65eb9f3fa2a50a545996919c76d45388f99bc95213ea15c02a095ad9969f69f39028b0cefade02b4c9004202bd5c1fedd4de0d487d07507b1df127ffbb76d5ac
SSDEEP

49152:kwEOI5bcMkfmmJeq/4MWiCUFj/F/IPQcNkEVI31U4YERuY:OOIJcMavL/2UFTFgIyI31U4YE5

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2316	cmd.exe

Loads dropped DLL 2 IoCs

pid	Process
3056	58caad11529b800cdc7cca6941a7cb35.exe
3056	58caad11529b800cdc7cca6941a7cb35.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2316	3056	58caad11529b800cdc7cca6941a7cb35.exe	29
PID 3056 wrote to memory of 2316	3056	58caad11529b800cdc7cca6941a7cb35.exe	29
PID 3056 wrote to memory of 2316	3056	58caad11529b800cdc7cca6941a7cb35.exe	29
PID 3056 wrote to memory of 2316	3056	58caad11529b800cdc7cca6941a7cb35.exe	29

C:\Users\Admin\AppData\Local\Temp\58caad11529b800cdc7cca6941a7cb35.exe
"C:\Users\Admin\AppData\Local\Temp\58caad11529b800cdc7cca6941a7cb35.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\58caad11529b800cdc7cca6941a7cb35.exe41.bat" "C:\Users\Admin\AppData\Local\Temp\58caad11529b800cdc7cca6941a7cb35.exe""
  2⤵
  - Deletes itself
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58caad11529b800cdc7cca6941a7cb35.exe41.bat

Filesize
200B

MD5
76fc62a5d52e487302bb871aa1d8b0e9

SHA1
a026ee46771503beea155fd246cdea00a34c6ab3

SHA256
484ac4fd493612d9bdd7a9f00efeae59d0fdb55dbdbb13bf40b93aa8feb8670e

SHA512
ca56ec938af67227d83c18f6d922eb6b9853fa91edb124cf7afce42b0ac19c683f06266f40e73e28b19735f3408f4cc4763a9e7eea8daef97a16965779ac3552

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdCA90.tmp\Info.dll

Filesize
462KB

MD5
224ef3379565e3511150c7cb57f5953e

SHA1
8ba876e169077e42a6fa70b0328648688e130ea1

SHA256
76d8ba9f5d8a22984642e91406ed49cc62602009437b64c3f5cc0bab2cfa207b

SHA512
feb8b7dc2e8424d7d6d70eedf7de1aeb83cc14d7ec013bcbaff7277d44c8c6631685a32bc5644d8deff04a75e19671b5cb1bfcd3f3f1226adb8f5cac133e0e52

Download Submit
\Users\Admin\AppData\Local\Temp\nsdCA90.tmp\Info.dll

Filesize
399KB

MD5
13c2200b8bb86868e19716a565785832

SHA1
201f4b4c645641fdc8b3bc719911a7c290b00a0e

SHA256
657b0a552a19e6017ae2c40da3931f476232d6c25ebff052527b9865e6167d9c

SHA512
01bf4b8dfb62a62a8d57f0b499457a1ca350a7ab96c4faf1704b6649dd1b3564c26e7a648ddbbc8156f804407e1b084d9839f6909063ba3765d1d41228c6b34a

Download Submit
\Users\Admin\AppData\Local\Temp\nsdCA90.tmp\StdUtils.dll

Filesize
14KB

MD5
21010df9bc37daffcc0b5ae190381d85

SHA1
a8ba022aafc1233894db29e40e569dfc8b280eb9

SHA256
0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16

SHA512
95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e

Download Submit