Overview

overview

7

Static

static

3

1f6e65e42f...e4.exe

windows7-x64

7

1f6e65e42f...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 23:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f6e65e42febf4b357fd2b4981db00e4.exe

  • Size

    699KB

  • MD5

    1f6e65e42febf4b357fd2b4981db00e4

  • SHA1

    5767ebe370981cb5ce2bbca7ce0e8c91bc6c3f3b

  • SHA256

    b903deba25f4266e16f1768f3614a5901e3ff54f9cab4cc8662fb591db84ace6

  • SHA512

    c633a13da9ba46048441c681d8455380b701c674a9a9bbd190c49a580b2d7ebf4cbfa85817bbd09b84f762b0795638418ef4f4e15c97b15d56a92da98728a8a7

  • SSDEEP

    12288:phTCpOy31N9JttJKsxfpbFl7JzWHWmOgl71mQlbiwsXkMmNb1fi++IVGAml:phGA4BfnKslZ/EHWmOs1D9sXfYNVGP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f6e65e42febf4b357fd2b4981db00e4.exe
    "C:\Users\Admin\AppData\Local\Temp\1f6e65e42febf4b357fd2b4981db00e4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsiA20.tmp\ioSpecial.ini
    Filesize

    747B

    MD5

    ac47c051217831f41e034d19b10bbf0d

    SHA1

    b91ae0d8dd50c75aeb41db6b347e824992f878e8

    SHA256

    77b62a5b021f785d630a8df42938715ff5ec5c9c7ffdb7a3eac8bf74e0a966dc

    SHA512

    32caf05a609e455a741a428e79bc857b2f778d2d3ba0d1d6b5fa0c225b271cd835ec70f9ef62cc2d1388ed2d65666461b471881a849d768a35aab9da46fdd94b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsiA20.tmp\InstallOptions.dll
    Filesize

    13KB

    MD5

    d765c492c21689e3d9d61634371fd861

    SHA1

    ac200933671ae52c9d5544d0e2e8e9144d286c83

    SHA256

    551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    SHA512

    9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    Download Submit