e155111b6990086e74c0802af0f230dca7be8d377d7b8d4cc16bc4ee1cb6b2e2

Analysis

max time kernel
134s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 07:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5b5d3dd4d52bb6614327ae1933610c7a.exe
Size

695KB
MD5

5b5d3dd4d52bb6614327ae1933610c7a
SHA1

8923de4c726d7badf550422ff88d2e1274e3852e
SHA256

e155111b6990086e74c0802af0f230dca7be8d377d7b8d4cc16bc4ee1cb6b2e2
SHA512

ae595f6408faab049a5ec20251e84d3d3c1f4b6ce6d8fb3aa30b7ea3ab3bf0439efc080956e341d70b2129a3ffda227ed7c081a722b06ba4924edca1fafb59cb
SSDEEP

12288:LN4brFazy+iGK2UdsZ26m1WrL+xcxz64V2GF3ZGfXvox/AZiqTi2KORWDbkGr:LaFMy+iR2U0KGN64V2qVx/AU5rfkGr

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe
4576	5b5d3dd4d52bb6614327ae1933610c7a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4576-0-0x0000000000400000-0x00000000004AB000-memory.dmp	upx
behavioral2/memory/4576-108-0x0000000000400000-0x00000000004AB000-memory.dmp	upx
behavioral2/memory/4576-221-0x0000000000400000-0x00000000004AB000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5b5d3dd4d52bb6614327ae1933610c7a.exe
"C:\Users\Admin\AppData\Local\Temp\5b5d3dd4d52bb6614327ae1933610c7a.exe"
1⤵
- Loads dropped DLL
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaBridge.dll

Filesize
12KB

MD5
9781b7bb06ea11ebce5dc9d57b3437a3

SHA1
604123977fffadebfefccae08df6b8e2e5dbab82

SHA256
c26d867114a04c677ef9ac35d83c2d362c1fb9ff8d46abfb785d71a48cb9c309

SHA512
666125abfb144665506e1085793656f31708211b940efca8188a5b20d57a058dcae10ec274a7614450f7b66854c9239c2838e61b3721c10482710a2008b681d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaSocket\mime\core.dll

Filesize
52KB

MD5
4a4845ba1666907f708c9c10a31ec227

SHA1
1ebf626adc84147e5114885ce779f92d6eb68f3a

SHA256
a1ffee9687ab4a23a78b3251888aff09e2896d76f8d16d713367b265f125188d

SHA512
d009f5e2a2ecfbec5e5e788ade142d612846d0c99921774e4a11b060998dfb0680cf1e1a54604535d5560738093f9ae166866cb23eee5c7d9c4e5cc5a33e7464

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaSocket\mime\core.dll

Filesize
50KB

MD5
6348235b56271a516167ca71405888cd

SHA1
ddd36bfe8145f088ce7dc589d49b592037316d6b

SHA256
c2f429cc4ed1dc61798292ff52d0e604994a0709c95375d8fc29e45320258800

SHA512
3bf32173179f17c8b3c2da2d58655df328a134a95b7f99ac1f8356da33b32575cacc8ab9edcac9014c7250d47032f418d35b4f04e7df2bb13a95874ddb4fa19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaSocket\mime\core.dll

Filesize
49KB

MD5
76397a415bff9445bc465d001d7265c0

SHA1
d11b737d9c68bbbc382c019e73fdcaa667e06db4

SHA256
feccc186b4da5d2b6069a1344b26a2e3cddcc4d7ae32038a762eb3393411ef99

SHA512
d77dbde52921c26e20f7ce77d75de4e3026ae6b7aa557b441756c2cd764b18c594145fbb66443add2e8becad0231d50f9c6cf0636acd37b085aa4a8b62757f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaSocket\socket\core.dll

Filesize
56KB

MD5
91376a2c39bd0232d3a34fbc7c168478

SHA1
4cdf53cfd16c9ed4f060f70832812fa28b7fb2b8

SHA256
63347af41a3b0336331f5876eb53c3c0f6bdd81d8e6d242ad323c62bf475debd

SHA512
ad32c0286cdeff3ffceeeb15466ad95184a604cfe0d98d7d74fd3a21a7edbe1edf101039e895b984b0f9ebc8cdfa4edfbc74b9c016bb07539ceb8c4df291d033

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaSocket\socket\core.dll

Filesize
60KB

MD5
36ca3ec2dc4c4e243b090309f785b1fb

SHA1
2e625ac0ab0733534f9dd2b89411e8ae3f5ed0f9

SHA256
38776c74326a2ff0e78122a3d35cf80588616e5354a751083ea7667d044506d6

SHA512
fc91a65296759f86db354d126c2c4f915652968804632672cc0b33757d164a06d23096113f6b765bc1c45843d6a8b72e6d8859211da50d468c89f4b3694454e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaSocket\socket\core.dll

Filesize
64KB

MD5
673cccf9b6745fc0fdceb0a6ec40592b

SHA1
7cafb21c14e8d5b3a3e4c890a91ee6ce63807ac8

SHA256
bbe0a448b9ad7c37a3425d9a4ebdef4ad9d51e398f5584a5b53c6c25b1c584f3

SHA512
ac53d14c6a54b1a52c8fba1f66b50589d9418cb636507dae5ce9731fe2e2c558f2ae91021e8d59c5e4f5bd91f23a6868fbb278a832fad2605fa469a898d2de7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\LuaXml_lib.dll

Filesize
11KB

MD5
7292b642bd958aeb7fd7cfd19e45b068

SHA1
19a800620d041634abae5b5d096cb0e87ce4c188

SHA256
90f1bb98e034fcf7bfddb8cb0a85b27a9c9ddb01b926b4e139e1e8fc53d41d09

SHA512
bd758e0833454e0aa2af976ac94fde17c5401102c5991887cefbe8e337974381584c73e2d1e50e49263c55c3788e24dc7f8bd0b9d2a76a6cbe38e48dd9d6c44a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\lua51.dll

Filesize
110KB

MD5
3d0a3ed2a3586d0ba9f7b4e77ccd745c

SHA1
198b094b24548596aa5527f8d2917e86213c30cf

SHA256
f438322e886234edfcbeb1943b59c51d8729ab87e59ebb2b671b8e08a1818597

SHA512
658245f08ff4de0e120c19c15f5968cae5ee5c6f337e5971e37be47953a871b1cb76b16eb70f43534b85bd45b01e476647d276f9893303216932f2ac84509826

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\lua51.dll

Filesize
48KB

MD5
5e670e534b6911ef197b7d7d109fa1bb

SHA1
cb9ebb95942dace91cc7c71c4c1bb84e6fd6f362

SHA256
1609cccc06607d6c15e9a6b7532ef213917280ea900d0fd9d785917597fcc722

SHA512
afda52e6a6e992aca4ca5e7fc6e7a1b541fe62c337b283790561f1551e1c11c6b3a3be810c7d0b431225462f00097911efb427aa3f27b64a3294d70bc5251ee8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\luacom.dll

Filesize
40KB

MD5
66cc308f1017656e7ba824a206169d9c

SHA1
b202f919d8b74984e88a49e8916effe4bfaea364

SHA256
c05f6a027e298a737b7684e6ad6727ab1b9e9d77db6f84f3c7e345b9af2d62e7

SHA512
3f96bd4c9d49efc434e166cb204e69d120858b75bab36b877fac288c23ad38a4ae3eac0f2b912d75c487cc58152b8529fd233fc974d113033643137b6074adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\luacom.dll

Filesize
39KB

MD5
df4dd8aaaa8e637b081216d5ecb3313c

SHA1
f076ec9e41dc3d78b79b602b55b630ad3a7218e0

SHA256
e446ac4f5faaf1ffdf786e35fd7aa1d6e79bbf88e9b9ef7dffe7fb7c413cde69

SHA512
6ce0a5621be38c873a1bab0f8dd05692c9a3870b16e8d66a3284a1d6847191054fbd9e6167b8f85941bb727a856dee3fac7955ca323c1ae4caf030ee7d2e54b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslA105.tmp\luacom.dll

Filesize
23KB

MD5
88227ccf28c00bb93346a9c606ff8e03

SHA1
97c27400a0fe6ccf206c036d1bde23aa076377b3

SHA256
0c3983e56f326908b1e07075367fbc874d72c21f4d1f90afd1e157f62833804b

SHA512
67d31a388be4daf1aff2fedab1aacd0f9a3bbcce442503ccc7f18d06de4528ce2c6d9efabe242740b88c8542e5ae218a0148a58b6a1c3ff9357e61511c2a1a7e

Download Submit
memory/4576-61-0x0000000003240000-0x000000000324E000-memory.dmp

Filesize
56KB

Download
memory/4576-0-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download
memory/4576-74-0x0000000003290000-0x00000000032DE000-memory.dmp

Filesize
312KB

Download
memory/4576-46-0x0000000003200000-0x0000000003216000-memory.dmp

Filesize
88KB

Download
memory/4576-108-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download
memory/4576-109-0x00000000031F0000-0x00000000031F9000-memory.dmp

Filesize
36KB

Download
memory/4576-222-0x00000000031F0000-0x00000000031F9000-memory.dmp

Filesize
36KB

Download
memory/4576-221-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download