7d2411ec44f9d62c21606110c4552cf27e7f96201ff9540bd4e3d333ac9fdf95

Analysis

max time kernel
121s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb575b81ad1e487b50b566ff5cbf3233.exe
Size

124KB
MD5

fb575b81ad1e487b50b566ff5cbf3233
SHA1

cd47476ee360e2daa78425ec08fd21aaf42db6ad
SHA256

7d2411ec44f9d62c21606110c4552cf27e7f96201ff9540bd4e3d333ac9fdf95
SHA512

69a9a553b6eb6612cd0a56079a5e97068bdb409aad28a89a3be5838689da2b74a3ca2def2ae91c1188ebc6f0493d3ea9dad03a3899f8e309fce7bb2fff6e556d
SSDEEP

3072:/Lk395hYXJC45616+PtnOYRoKlYHjy4dR3uINyLjY/Xz:/QqQJ1TLiKCHjtdReIgs/z

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2804	fb575b81ad1e487b50b566ff5cbf3233.exe
2804	fb575b81ad1e487b50b566ff5cbf3233.exe
2804	fb575b81ad1e487b50b566ff5cbf3233.exe
2804	fb575b81ad1e487b50b566ff5cbf3233.exe
2804	fb575b81ad1e487b50b566ff5cbf3233.exe
2804	fb575b81ad1e487b50b566ff5cbf3233.exe
2804	fb575b81ad1e487b50b566ff5cbf3233.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\1ClickDownload\Real Steel 2011 BRRiP XViD AbSurdiTy.torrent	fb575b81ad1e487b50b566ff5cbf3233.exe
File created	C:\Program Files (x86)\1ClickDownload\1ClickDownload.exe	fb575b81ad1e487b50b566ff5cbf3233.exe
File created	C:\Program Files (x86)\1ClickDownload\OneClickLib.dll	fb575b81ad1e487b50b566ff5cbf3233.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2804	fb575b81ad1e487b50b566ff5cbf3233.exe

C:\Users\Admin\AppData\Local\Temp\fb575b81ad1e487b50b566ff5cbf3233.exe
"C:\Users\Admin\AppData\Local\Temp\fb575b81ad1e487b50b566ff5cbf3233.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd873A.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
\Users\Admin\AppData\Local\Temp\nsd873A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd873A.tmp\inetc2.dll

Filesize
24KB

MD5
a44440ef6425e359677fb0689f2187d9

SHA1
3c81aaa99afd6f12edaf4994d52391dff1200553

SHA256
a8225e4f81de78d3d372c18695a5723406c4292fdd8c2b9cb03aadbc0b127d60

SHA512
b3c0b80d8fa08e90aaaa8a32e659d7b71dc0bd4871a18d7dc03886061a5f224c48b1e204e6cd2b2403336659683b2c874b0eed47740e449623644c077e1103a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsd873A.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit