f36c49ee6579d11ca45092fef252ab6364043ad83f6ca206f9ba019afa761cf7

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:26

Target

06dfc9fa9c2c262460069c7e85c4b36f.exe
Size

558KB
MD5

06dfc9fa9c2c262460069c7e85c4b36f
SHA1

953d4f8ea57e2577cd3d48c19b8ec43f78f71cc6
SHA256

f36c49ee6579d11ca45092fef252ab6364043ad83f6ca206f9ba019afa761cf7
SHA512

19e88da1e4514b531e9b034e80743227149a554437bd9c3c00e96ba14f6f45fc0f3060920aa4db7c57a55c335e43d26077c92c345c6cdb8071ac5d51c41e9b0a
SSDEEP

12288:Fla8UjwZQHW1F/K6fBEtdK7WGCMnA0xfpfx1k:Fl2w+HspEvK7WGCwAup51k

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
4248	06dfc9fa9c2c262460069c7e85c4b36f.exe
4248	06dfc9fa9c2c262460069c7e85c4b36f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\06dfc9fa9c2c262460069c7e85c4b36f.exe
"C:\Users\Admin\AppData\Local\Temp\06dfc9fa9c2c262460069c7e85c4b36f.exe"
1⤵
- Loads dropped DLL
PID:4248

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsg5778.tmp\NSISdl.dll

Filesize
14KB

MD5
254f13dfd61c5b7d2119eb2550491e1d

SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6

SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

Download Submit