ddf29aa7c938c9118f9675c2ce6d3ba08b22b80c38052a34219afa0a341c43f9

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 09:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

638cfffa2f94398eb16021ca6c648c45.exe
Size

473KB
MD5

638cfffa2f94398eb16021ca6c648c45
SHA1

c2288c84485071db0f6a29bf29d5b72964999325
SHA256

ddf29aa7c938c9118f9675c2ce6d3ba08b22b80c38052a34219afa0a341c43f9
SHA512

87f2a3876c2fe5129e551c09a4ef3572040d6cca4122bb7926d2be9b5fecc7e27446ca01aa00ba95750a057e79e58eb4ac048c059a3c09968540c12e9aad459f
SSDEEP

6144:+CKXw5Z8lU2wqdIsw1NbzbeNrk2z5lFaZf21L9m7zPGXJRPm/vLv1WN1yNr1DBKU:+XEotwq4X+ylOm7eJRPmpnNrKVUqLmiA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2548	638cfffa2f94398eb16021ca6c648c45.exe
2548	638cfffa2f94398eb16021ca6c648c45.exe
2548	638cfffa2f94398eb16021ca6c648c45.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe
"C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe"
1⤵
- Loads dropped DLL
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\AdvSplash.dll

Filesize
6KB

MD5
c16e99e77b8e9a4ac4621ee85527c727

SHA1
d527d14dcc209c485b6979166eef83ec1a8c6e4a

SHA256
3caa4b6585ce3fdbf4229878aab77c30af507691153add91aabf7404b3c99b7e

SHA512
590c1b5a55b91a3f6df388363132d9560a5fc09f5e3d5c440b3939660a777c6d1cc69df9d696b73545d95e70fca8616193c162cd086b3757e82e0e1d129ae765

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\InstallOptions.dll

Filesize
14KB

MD5
9b2ad0546fd834c01a3bdcbfbc95da7d

SHA1
4f92f5a6b269d969ba3340f1c1978d337992a62c

SHA256
7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

SHA512
5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\LangDLL.dll

Filesize
5KB

MD5
e79062d4e5969b67241a96bad058dd07

SHA1
67adf76bc6718e87633ad2669119a4cfac71fb5c

SHA256
7e49f8b791231c84e80eee56c5dfe8ee6feabe7fb6efba2c30a1ae1621c9e509

SHA512
6269f26ee92a7576e8e17b156cf2cf90c862c007c684a44e55194d2aef605de5304b9e7822a001db477bc672c52db4e64db7f02e4684488705d594698035a0ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp52D4.tmp\ioSpecial.ini

Filesize
746B

MD5
fcf5d6ff71baa1f7448752318afb749b

SHA1
aa15d5221ac72bff63251342394220b69ccbde5f

SHA256
9463b37e0d4f869cb1419690675a46404c1c43b1391f33262da55573987a28bf

SHA512
a9193adefb9cc35ab4cfad542f790c98b76f330bdfe5587c4820e49b79447c98f5f3c64d1389142f1fd7870160768b68cda4f1eaf34d7cf640b4fb13e5f1cf0c

Download Submit