211c71311c345d1534af88a8ff3e348610f9058ecd78fe15d5d270b47dec666b

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

039df3682c669d012a722554365b681f.exe
Size

76KB
MD5

039df3682c669d012a722554365b681f
SHA1

b47c0be7a997b579e971009aeef8a1ae05e5d3ed
SHA256

211c71311c345d1534af88a8ff3e348610f9058ecd78fe15d5d270b47dec666b
SHA512

41726a9a5eb8a678cd6429a5df59081f8cedaf91feade252c365e5798d472aa0746748daf9d3414de48c3223414b239b4765f0057487984b77c047daf9c0ffd2
SSDEEP

1536:zLXB65939tY6HBg4sXJp+ekp6jC+/ClJUDS8qcy4rLnV+:zLk395hYXJpS4WKC8Djy4fnM

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4084	iWinGamesSetup.exe
3492	InstGameInfoHelper.exe

Loads dropped DLL 8 IoCs

pid	Process
2452	039df3682c669d012a722554365b681f.exe
2452	039df3682c669d012a722554365b681f.exe
2452	039df3682c669d012a722554365b681f.exe
4084	iWinGamesSetup.exe
4084	iWinGamesSetup.exe
4084	iWinGamesSetup.exe
4084	iWinGamesSetup.exe
4084	iWinGamesSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x000600000002323a-15.dat	nsis_installer_1
behavioral2/files/0x000600000002323a-15.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4084	2452	039df3682c669d012a722554365b681f.exe	99
PID 2452 wrote to memory of 4084	2452	039df3682c669d012a722554365b681f.exe	99
PID 2452 wrote to memory of 4084	2452	039df3682c669d012a722554365b681f.exe	99
PID 4084 wrote to memory of 3492	4084	iWinGamesSetup.exe	101
PID 4084 wrote to memory of 3492	4084	iWinGamesSetup.exe	101
PID 4084 wrote to memory of 3492	4084	iWinGamesSetup.exe	101

C:\Users\Admin\AppData\Local\Temp\039df3682c669d012a722554365b681f.exe
"C:\Users\Admin\AppData\Local\Temp\039df3682c669d012a722554365b681f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\nsc5891.tmp\iWinGamesSetup.exe
  C:\Users\Admin\AppData\Local\Temp\nsc5891.tmp\iWinGamesSetup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Users\Admin\AppData\Local\Temp\nss8175.tmp\InstGameInfoHelper.exe
    "C:\Users\Admin\AppData\Local\Temp\nss8175.tmp\InstGameInfoHelper.exe"
    3⤵
    - Executes dropped EXE
    PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc5891.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc5891.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc5891.tmp\ftdownload.dat

Filesize
512B

MD5
71e8a32f5696267cdf06a715828a24d6

SHA1
ddab015b1f22e8ac123b92cdeba2643e5285161e

SHA256
777fed81f5e17be2558b77bd3f4858e9086c1012f9315e3edf227a7dbfc8c5b1

SHA512
eed938c231220546cfce702c8e3b55ded9b1e0eb1b95f2b3cd61262eff484cd31982b78c813f39a74fa15dbf256717e0e5a871e521ad9d556e3be091610d2f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc5891.tmp\iWinGamesSetup.exe

Filesize
3.0MB

MD5
1d41f48ab27d82d0edb26ecbfbcaa084

SHA1
2230f915221ce58b2a559a89ee7bad2c8a008e43

SHA256
5624944d702bddaf08a8814aa73253b2a61b3d825ecd27f13cb89854319646af

SHA512
02737d683330e7a4845a7e19300ea89662b75d2adf69ae438d5cad83b797eb11492c105270943468fa406273c97cce6d6a79f46d74602c0fac46ea01e04fc4d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8175.tmp\BgImage.dll

Filesize
7KB

MD5
0e6d71e08eb5f3fe111c2fc10cf3f669

SHA1
e50d07fa89a8a36e39196ef91ee10e6ce7e96289

SHA256
df4ae53731440c2a7fbabac6ded7684fadc03c050c3190a6ec38b1eaf88b76b9

SHA512
20325b41ea54f8aeae09a127e15400d462e99a86365d8b82d4b2d2cc13db6d7ecbb9e5db23091d8b68a92b3bb8cf87fabf9decd3f77089e32af2cdbfd705b77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8175.tmp\InstGameInfoHelper.exe

Filesize
99KB

MD5
3d3d2bf9c42dbdf97247775c00f22190

SHA1
7a046170aaeb5e1a29d8c8cd7c32225f49237aa1

SHA256
59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a

SHA512
6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8175.tmp\gametitle.txt

Filesize
8B

MD5
77933845adf83758a686a08ea46f015e

SHA1
02a281c1fcbf0202486c58c1ed4907555d976b74

SHA256
a43ef3822aab2b1a53a0cc03f43c0a34ea4faea004383010374fd04677ee8cb2

SHA512
b840822fa9d26e16364e19a9d8fa4ac763b4e9761deb4722c29f6c8164659bbd6d992a40c1f4f2c0955d33c786b9ec19ba3d402ae5729508ba2aaed2fe61daef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8175.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8175.tmp\tn_feat.bmp

Filesize
4KB

MD5
9f6262a028f04dedc88566470012787b

SHA1
68a5b12af991acfcb76e0ed78de09319e6c6eef2

SHA256
fe598bb98b1c37cda619c9e75c7852ac3ed237930f512e84b0170efbbc82ec5e

SHA512
165928fdfc3b182fb502558f7616f4f86d282152eeb025133cbc5f98bd27dd4e21ac62cdbd361c021444f08d718a531c77beb69bb3851a24fa8f9ae372e9bef8

Download Submit