433c7aa8db2054e94c0304482a27c0929fb5369c0bc57bb77d988be61ab3b7b2

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5dc9191e7ab4c79b1837b35a0f79dfd.exe
Size

941KB
MD5

f5dc9191e7ab4c79b1837b35a0f79dfd
SHA1

be545f50f0af24fc9e46200329014659cf51b66b
SHA256

433c7aa8db2054e94c0304482a27c0929fb5369c0bc57bb77d988be61ab3b7b2
SHA512

c09566e535ff754a2fb8f4f105867574b3c22fe9af65dfef8b6a1af8cfab2336c4eea4d4932293bfe4a166f2db843654cbc659c5bd0b879691943f5edb86a42a
SSDEEP

24576:cADTAX+UF4RvzAp5AB4JWIDKzKjyEkdcKmFeDTAZ:3NMwB+WI1y4pQM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2548	f5dc9191e7ab4c79b1837b35a0f79dfd.exe
2548	f5dc9191e7ab4c79b1837b35a0f79dfd.exe
2548	f5dc9191e7ab4c79b1837b35a0f79dfd.exe
2548	f5dc9191e7ab4c79b1837b35a0f79dfd.exe
2548	f5dc9191e7ab4c79b1837b35a0f79dfd.exe
2548	f5dc9191e7ab4c79b1837b35a0f79dfd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2548	f5dc9191e7ab4c79b1837b35a0f79dfd.exe

C:\Users\Admin\AppData\Local\Temp\f5dc9191e7ab4c79b1837b35a0f79dfd.exe
"C:\Users\Admin\AppData\Local\Temp\f5dc9191e7ab4c79b1837b35a0f79dfd.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd58EA.tmp\ioSpecial.ini

Filesize
619B

MD5
4df98deabffb55dd37357d4f4167a96c

SHA1
ecb15ef193855cb6623bd8dc59c4b38821dbbcda

SHA256
e80753641719695e8e77ca8996bf94fafe301e24559138d9441c41cc1d3be9b4

SHA512
5e529680e2a434028123971bf015ef6857743fbff088da6aaa3b29d19806787daffba94abfab9d86caf04d79689b0f2f61fe1e5aa337ebadc4ef36d928177c64

Download Submit
\Users\Admin\AppData\Local\Temp\nsd58EA.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
\Users\Admin\AppData\Local\Temp\nsd58EA.tmp\ButtonLinker.dll

Filesize
7KB

MD5
dd85ac7d85c92dd0e3cc17dfd4890f54

SHA1
a128fb7a05965c1a9913c6f5e419e6c4c0a7d2fa

SHA256
27abd2a4fb1bf66add60221b52d061bbe24d2d21e13600725ff7a5c6c777b504

SHA512
e4ff8216c65110a9d156f37c2062acb53a72daa8af12dfc24278920d9e1a4083a81b1446759df75405b2da34c7bfb1afc33184feedd0aee4ed73f79fcbb1a8a1

Download Submit
\Users\Admin\AppData\Local\Temp\nsd58EA.tmp\InstallOptions.dll

Filesize
14KB

MD5
32aa6334fc543e70ef0f792bb9a0c45a

SHA1
54be1f5004f7e5afe7c9ba160495076ea2a4d60c

SHA256
610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2

SHA512
ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae

Download Submit
\Users\Admin\AppData\Local\Temp\nsd58EA.tmp\System.dll

Filesize
10KB

MD5
7d85b1f619a3023cc693a88f040826d2

SHA1
09f5d32f8143e7e0d9270430708db1b9fc8871a8

SHA256
dc198967b0fb2bc7aaab0886a700c7f4d8cb346c4f9d48b9b220487b0dfe8a18

SHA512
5465804c56d6251bf369609e1b44207b717228a8ac36c7992470b9daf4a231256c0ce95e0b027c4164e62d9656742a56e2b51e9347c8b17ab51ff40f32928c85

Download Submit