b903deba25f4266e16f1768f3614a5901e3ff54f9cab4cc8662fb591db84ace6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f6e65e42febf4b357fd2b4981db00e4.exe
Size

699KB
MD5

1f6e65e42febf4b357fd2b4981db00e4
SHA1

5767ebe370981cb5ce2bbca7ce0e8c91bc6c3f3b
SHA256

b903deba25f4266e16f1768f3614a5901e3ff54f9cab4cc8662fb591db84ace6
SHA512

c633a13da9ba46048441c681d8455380b701c674a9a9bbd190c49a580b2d7ebf4cbfa85817bbd09b84f762b0795638418ef4f4e15c97b15d56a92da98728a8a7
SSDEEP

12288:phTCpOy31N9JttJKsxfpbFl7JzWHWmOgl71mQlbiwsXkMmNb1fi++IVGAml:phGA4BfnKslZ/EHWmOs1D9sXfYNVGP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2976	1f6e65e42febf4b357fd2b4981db00e4.exe
2976	1f6e65e42febf4b357fd2b4981db00e4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2976	1f6e65e42febf4b357fd2b4981db00e4.exe

C:\Users\Admin\AppData\Local\Temp\1f6e65e42febf4b357fd2b4981db00e4.exe
"C:\Users\Admin\AppData\Local\Temp\1f6e65e42febf4b357fd2b4981db00e4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsiA20.tmp\ioSpecial.ini

Filesize
747B

MD5
ac47c051217831f41e034d19b10bbf0d

SHA1
b91ae0d8dd50c75aeb41db6b347e824992f878e8

SHA256
77b62a5b021f785d630a8df42938715ff5ec5c9c7ffdb7a3eac8bf74e0a966dc

SHA512
32caf05a609e455a741a428e79bc857b2f778d2d3ba0d1d6b5fa0c225b271cd835ec70f9ef62cc2d1388ed2d65666461b471881a849d768a35aab9da46fdd94b

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA20.tmp\InstallOptions.dll

Filesize
13KB

MD5
d765c492c21689e3d9d61634371fd861

SHA1
ac200933671ae52c9d5544d0e2e8e9144d286c83

SHA256
551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

SHA512
9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

Download Submit