Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
29-12-2023 18:05
General
-
Target
0001ffbe1e17d3d118b1103064a2a6a4.exe
-
Size
960KB
-
MD5
0001ffbe1e17d3d118b1103064a2a6a4
-
SHA1
82cfa29c31b4608c279f04cadc861656643a0233
-
SHA256
295967ac71f014113a7e7c10737ff8b1b3fbe65bd037995ee7a998f16b94144a
-
SHA512
f13b763d8802a0db807710cf642d8f0209e0356f7e50b4b5bc4720ce0887c88104b0d640cdedb1ccc1a3a0b53b1088234897dc62cd9a919b93eef68867733aea
-
SSDEEP
12288:l8n/v5n3XQ3E9LFZetKVsSEkaPYfQMlgZWjpeS3Pl4SAVAAumREYbDAtInAVFJRK:O/x0E9G6nbaPYd4WteS3PCXVAiEOiYH
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0001ffbe1e17d3d118b1103064a2a6a4.exe"C:\Users\Admin\AppData\Local\Temp\0001ffbe1e17d3d118b1103064a2a6a4.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\nsi5DB.tmp\ioSpecial.iniFilesize
687B
MD5cb20be632b4e677e217ec5ab59ef0018
SHA15433b8bf1ad1950957fffa58828dd877295170cb
SHA25633d7d87d422ec4b7db70644ae7e10e9d892ff79b015dbc351c31767fb53d031c
SHA512bbf9b4d62b88e23c859e6c924e866fe516c0490ca9c337719d68a6dbaae10856f24c8db6794f0cf5524afca27d43431604d4f63fd2fb9a58a7443721d10bf87b
-
\Users\Admin\AppData\Local\Temp\nsi5DB.tmp\InstallOptions.dllFilesize
14KB
MD5325b008aec81e5aaa57096f05d4212b5
SHA127a2d89747a20305b6518438eff5b9f57f7df5c3
SHA256c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
SHA51218362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf