e951ec5af5e557064bb11ffa68e19b8a27de1e58b2156d02292ce0d412774664

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f78a9f10fd3efe32e73219457ad74806.exe
Size

713KB
MD5

f78a9f10fd3efe32e73219457ad74806
SHA1

cab9aa9f69c500d81e43c83bbc0a11fcf5776a64
SHA256

e951ec5af5e557064bb11ffa68e19b8a27de1e58b2156d02292ce0d412774664
SHA512

1f9b6e33aa1f9bacd93fc74d145d93c73d87ba519a6a73883d6cce58c0e18a2afd9516ae10e70b5586fd8f16295cd87a65229c962c3b093b35a7dcffebfa63d4
SSDEEP

12288:AephUn9q9qhyqQz9Ava54IGFvTLAk6xeO2enHf9dHryGhMg:Xpiw9OVPa5hGFvTLAkWFdrMg

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2236	f78a9f10fd3efe32e73219457ad74806.exe
2236	f78a9f10fd3efe32e73219457ad74806.exe
2236	f78a9f10fd3efe32e73219457ad74806.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2236	f78a9f10fd3efe32e73219457ad74806.exe

C:\Users\Admin\AppData\Local\Temp\f78a9f10fd3efe32e73219457ad74806.exe
"C:\Users\Admin\AppData\Local\Temp\f78a9f10fd3efe32e73219457ad74806.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsj7FBD.tmp\AlwaysOnTop.dll

Filesize
2KB

MD5
85e0fc37011666cc7fa109058a8f2d5d

SHA1
444daf945cc1276a77721e17849c5c468a6ef0c7

SHA256
e37ed1a30671f98573089d9c4e3c2416aa3b598521d5f7271ab6ace73d511680

SHA512
988a10a1c764358162b623f8a434e9034c3dbdb0fd32cfdb14d1173a3d501b7d7f18e93055de3daf28d5d9d0ba39799f219d1e002925b2e23d062bd73f8703f2

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7FBD.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit