f10f45a15eafea30b574cd922d0c7f9e5fff2ca2a94923e247c95751b6a8dda0

Analysis

max time kernel
1s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

626673ffd5304cf39ba5c04944051917.exe
Size

704KB
MD5

626673ffd5304cf39ba5c04944051917
SHA1

3479f868c95eb304c7ca52e6cee7a1274dcb6f8e
SHA256

f10f45a15eafea30b574cd922d0c7f9e5fff2ca2a94923e247c95751b6a8dda0
SHA512

c873ea609ca144ecc16bb648ec37edb1e09e8dd0e55babb76430c7b77d72e3e35aa6b61191acc791b7c53e2aab386f872dec96b3ba1f9704d0fd760d5b28b4d9
SSDEEP

12288:kZuZ+zT0+eBqACKGcXSDza3ta/Phhtt08qgZSWLDObJd5A8uvKmivKqDLSrl2hlW:kZuu9MCcae3ECgZzWbJd5A8uvKmivKwi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2712	626673ffd5304cf39ba5c04944051917.exe
2712	626673ffd5304cf39ba5c04944051917.exe
2712	626673ffd5304cf39ba5c04944051917.exe
2712	626673ffd5304cf39ba5c04944051917.exe
2712	626673ffd5304cf39ba5c04944051917.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2220	2712	WerFault.exe	14

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral2/files/0x0009000000023225-143.dat	nsis_installer_2

C:\Users\Admin\AppData\Local\Temp\626673ffd5304cf39ba5c04944051917.exe
"C:\Users\Admin\AppData\Local\Temp\626673ffd5304cf39ba5c04944051917.exe"
1⤵
- Loads dropped DLL
PID:2712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 1400
  2⤵
  - Program crash
  PID:2220
- C:\Users\Admin\AppData\Local\Temp\nsn4DA4.tmp\dllstub.exe
  C:\Users\Admin\AppData\Local\Temp\nsn4DA4.tmp\dllstub.exe ~URL Parts Error~~~~URL Parts Error~URL Parts Error~~#~4157~4784~~URL Parts Error~~SendRequest Error~FA-D2-FA-C7-20-2F~#~~~SendRequest Error~~
  2⤵
  PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2712 -ip 2712
1⤵
PID:4584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsk5303.tmp\inetc.dll

Filesize
20KB

MD5
134b93f8bd1f82cd2f1b06c878580703

SHA1
29cdbce7a2caf1f7e4d2a139c42336d490074665

SHA256
45153adf50541316468e2b189a0f8127be9fb29e2f920e7eeaa6aceb438db8c4

SHA512
f970c38debb6631dab7369e2bc96237f16a8fd328d9d35a2b54cb688e1807f62cc6d63230afe89ce5c3945097ae4466872c72929a9623adde3ee57bddf54b692

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn4DA4.tmp\dllstub.exe

Filesize
121KB

MD5
1faa598e5f0637da7418c9f5507f9fc9

SHA1
d5c9ac29c148fa5b2669f0bdca127a50a1dfb846

SHA256
22e78ce387d8e2ed6e8c7546c81d756b0075c771ee09249ec82d54043382cb38

SHA512
61c16988ebbaa6416eb6a6a50c60502509c588f0dc4c861db85d575c668898662a97a3e5d3f4cd5794e370a25c70bab34dbe2df5c662680996d257c235dfec53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn4DA4.tmp\intlib.dll

Filesize
24KB

MD5
1efbbf5a54eb145a1a422046fd8dfb2c

SHA1
ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

SHA256
983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

SHA512
7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

Download Submit
memory/2712-56-0x0000000002AF0000-0x0000000002B0A000-memory.dmp

Filesize
104KB

Download