e1a910d542253127c3fdd2f96b2e999b8e3bcf408826555fdfa85fa2f1d161c4

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 21:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

04ff89900232c41ce82969f6fbe87d65.exe
Size

47KB
MD5

04ff89900232c41ce82969f6fbe87d65
SHA1

b6301654a7d53c538fc7423c2c690ca13c619f83
SHA256

e1a910d542253127c3fdd2f96b2e999b8e3bcf408826555fdfa85fa2f1d161c4
SHA512

a85ca42665702521a4ed4bfbb3d4179c2269cc0d1929534408960f88381261fff1d272ea6ef28c9e817612f6039bcd6b93680997788370205db83a58ad5f0466
SSDEEP

768:DeqgM/4bLQtJL9vFlkxjiFHgZBmwC6Zjn5C42M3wJJg+gd2iZQAm6kRRS+NoJRnv:iqBwbLWJLJFKqAZzrZA4kJJ3gdLeAyNs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1376	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x00070000000231ea-3.dat	nsis_installer_1
behavioral2/files/0x00070000000231ea-3.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 1376	4032	04ff89900232c41ce82969f6fbe87d65.exe	87
PID 4032 wrote to memory of 1376	4032	04ff89900232c41ce82969f6fbe87d65.exe	87
PID 4032 wrote to memory of 1376	4032	04ff89900232c41ce82969f6fbe87d65.exe	87

C:\Users\Admin\AppData\Local\Temp\04ff89900232c41ce82969f6fbe87d65.exe
"C:\Users\Admin\AppData\Local\Temp\04ff89900232c41ce82969f6fbe87d65.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
47KB

MD5
04ff89900232c41ce82969f6fbe87d65

SHA1
b6301654a7d53c538fc7423c2c690ca13c619f83

SHA256
e1a910d542253127c3fdd2f96b2e999b8e3bcf408826555fdfa85fa2f1d161c4

SHA512
a85ca42665702521a4ed4bfbb3d4179c2269cc0d1929534408960f88381261fff1d272ea6ef28c9e817612f6039bcd6b93680997788370205db83a58ad5f0466

Download Submit