15c7077248758f76d906722e81fa4fb9e1f3b4409f192e31bb18c021a3a038e2

Analysis

max time kernel
77s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

62743db70c86f30f13ef48b5dc212731.exe
Size

75KB
MD5

62743db70c86f30f13ef48b5dc212731
SHA1

2e1355d20bb13906009ec67bc52423820f56602f
SHA256

15c7077248758f76d906722e81fa4fb9e1f3b4409f192e31bb18c021a3a038e2
SHA512

423920ffb6360d05debbbfe20840550664f18d7b8a4758dff6c2db230626e7cf37d2f8f2346b5537d11015f7863b4056948c31a6094b38aece0d6f6087ae31be
SSDEEP

1536:SLXB65939tY6HBg4sXJS+ekp6jC+aC8nUqS8qcy4rLnVb:SLk395hYXJSS4WvCpqjy4fnZ

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1660	iWinGamesSetup.exe
1736	InstGameInfoHelper.exe

Loads dropped DLL 7 IoCs

pid	Process
1192	62743db70c86f30f13ef48b5dc212731.exe
1192	62743db70c86f30f13ef48b5dc212731.exe
1192	62743db70c86f30f13ef48b5dc212731.exe
1192	62743db70c86f30f13ef48b5dc212731.exe
1660	iWinGamesSetup.exe
1660	iWinGamesSetup.exe
1660	iWinGamesSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 6 IoCs

installer

resource	yara_rule
behavioral1/files/0x003300000000b1f4-16.dat	nsis_installer_1
behavioral1/files/0x003300000000b1f4-16.dat	nsis_installer_2
behavioral1/files/0x003300000000b1f4-19.dat	nsis_installer_1
behavioral1/files/0x003300000000b1f4-19.dat	nsis_installer_2
behavioral1/files/0x003300000000b1f4-20.dat	nsis_installer_1
behavioral1/files/0x003300000000b1f4-20.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1660	1192	62743db70c86f30f13ef48b5dc212731.exe	29
PID 1192 wrote to memory of 1660	1192	62743db70c86f30f13ef48b5dc212731.exe	29
PID 1192 wrote to memory of 1660	1192	62743db70c86f30f13ef48b5dc212731.exe	29
PID 1192 wrote to memory of 1660	1192	62743db70c86f30f13ef48b5dc212731.exe	29
PID 1192 wrote to memory of 1660	1192	62743db70c86f30f13ef48b5dc212731.exe	29
PID 1192 wrote to memory of 1660	1192	62743db70c86f30f13ef48b5dc212731.exe	29
PID 1192 wrote to memory of 1660	1192	62743db70c86f30f13ef48b5dc212731.exe	29
PID 1660 wrote to memory of 1736	1660	iWinGamesSetup.exe	30
PID 1660 wrote to memory of 1736	1660	iWinGamesSetup.exe	30
PID 1660 wrote to memory of 1736	1660	iWinGamesSetup.exe	30
PID 1660 wrote to memory of 1736	1660	iWinGamesSetup.exe	30
PID 1660 wrote to memory of 1736	1660	iWinGamesSetup.exe	30
PID 1660 wrote to memory of 1736	1660	iWinGamesSetup.exe	30
PID 1660 wrote to memory of 1736	1660	iWinGamesSetup.exe	30

C:\Users\Admin\AppData\Local\Temp\62743db70c86f30f13ef48b5dc212731.exe
"C:\Users\Admin\AppData\Local\Temp\62743db70c86f30f13ef48b5dc212731.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\Temp\nsj9A3E.tmp\iWinGamesSetup.exe
  C:\Users\Admin\AppData\Local\Temp\nsj9A3E.tmp\iWinGamesSetup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\nse8B6F.tmp\InstGameInfoHelper.exe
    "C:\Users\Admin\AppData\Local\Temp\nse8B6F.tmp\InstGameInfoHelper.exe"
    3⤵
    - Executes dropped EXE
    PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabAC39.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAC6A.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8B6F.tmp\ftdownload.dat

Filesize
512B

MD5
3d1ea8b63b2d2645025aba6df0710530

SHA1
6a0f4fff4255188e695e2cd4bced9dc87491ba5c

SHA256
e7541de186c6e678693eb60422dbf8c2c8018e68dbca336073b604ee495b27a7

SHA512
caa53ff1ab763dca9b81da128a9cff0cca91fe8881c6833eca20dcbee641ea9f1517a5bcebfa703c6e5305c426cbc963681bd70d599ab5b381b628fe59d7b66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9A3E.tmp\iWinGamesSetup.exe

Filesize
2.0MB

MD5
ee16e4bfc2234b422b23c5ece6628b6a

SHA1
3b5d5ee82071d361aee4864cf730586a55c43a56

SHA256
73f6b1c06dcf9029b560b10fdfbda0d6f2c8ad9d72a471dfa64632bb815955b5

SHA512
124375575c1e74505caacc2563c9773a84441d50b51b9088e35a102787a6a11382427535f04f72723c4d5738d17f6b410268a721cde851171edb67606225272d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9A3E.tmp\iWinGamesSetup.exe

Filesize
2.2MB

MD5
07aa5bb55e3ee186391d9c6228bd1410

SHA1
07a8086e212dbac453bd7a19ba3c54b6d0aebdde

SHA256
553c317a276cb03fdcac2ad118b29e0f427bbf1dc524e1edadde7d297f92b50a

SHA512
86da2d0ee94544b922c9e150d75d5a2b9b3b84ba8bbf0666cb7fbf3c682425fc8d9f4edd2cc531c3a313d4bec8be4a5e1742d29343c4d845733942bd8ecfd0b3

Download Submit
\Users\Admin\AppData\Local\Temp\nse8B6F.tmp\InstGameInfoHelper.exe

Filesize
99KB

MD5
3d3d2bf9c42dbdf97247775c00f22190

SHA1
7a046170aaeb5e1a29d8c8cd7c32225f49237aa1

SHA256
59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a

SHA512
6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466

Download Submit
\Users\Admin\AppData\Local\Temp\nse8B6F.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9A3E.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9A3E.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9A3E.tmp\iWinGamesSetup.exe

Filesize
3.1MB

MD5
e8adb0683110f72c506c9a485ef29234

SHA1
cd3bf75f2028d206f7068449ef9332822a8349b6

SHA256
73bbabad148e2976e9ad172403d1e291a706220430dfe7953181a6a74344d2d1

SHA512
8b0aed67983824a436d23beb737ae7c3806be62a852e1a5d82c026d020af120b97206b588f5c9a8ad6be4b44ec7d85ef1ef52479d2f39542e724de6b3720a70e

Download Submit