b903deba25f4266e16f1768f3614a5901e3ff54f9cab4cc8662fb591db84ace6

Analysis

max time kernel
114s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f6e65e42febf4b357fd2b4981db00e4.exe
Size

699KB
MD5

1f6e65e42febf4b357fd2b4981db00e4
SHA1

5767ebe370981cb5ce2bbca7ce0e8c91bc6c3f3b
SHA256

b903deba25f4266e16f1768f3614a5901e3ff54f9cab4cc8662fb591db84ace6
SHA512

c633a13da9ba46048441c681d8455380b701c674a9a9bbd190c49a580b2d7ebf4cbfa85817bbd09b84f762b0795638418ef4f4e15c97b15d56a92da98728a8a7
SSDEEP

12288:phTCpOy31N9JttJKsxfpbFl7JzWHWmOgl71mQlbiwsXkMmNb1fi++IVGAml:phGA4BfnKslZ/EHWmOs1D9sXfYNVGP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1944	1f6e65e42febf4b357fd2b4981db00e4.exe
1944	1f6e65e42febf4b357fd2b4981db00e4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\1f6e65e42febf4b357fd2b4981db00e4.exe
"C:\Users\Admin\AppData\Local\Temp\1f6e65e42febf4b357fd2b4981db00e4.exe"
1⤵
- Loads dropped DLL
PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsu45A6.tmp\InstallOptions.dll

Filesize
13KB

MD5
d765c492c21689e3d9d61634371fd861

SHA1
ac200933671ae52c9d5544d0e2e8e9144d286c83

SHA256
551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

SHA512
9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu45A6.tmp\System.dll

Filesize
10KB

MD5
fe24766ba314f620d57d0cf7339103c0

SHA1
8641545f03f03ff07485d6ec4d7b41cbb898c269

SHA256
802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

SHA512
60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu45A6.tmp\ioSpecial.ini

Filesize
748B

MD5
1ca9da34adbe1eab638822c20de14b10

SHA1
b09f995a0638cd7744ae516d86433db307fec5be

SHA256
936926c91241bd4a0466f20652c5daae8bca7a0dc2a5d0b6c5f1d5ffa2251f51

SHA512
c6c0df87b1d11acadac0c360b40212a0c7e80a80447ffaae1a8b4cd6c2201804b2130c63ef83cf106f3ccb5f37eee5d5a63f424e6bf55ad641db2b6d8a43e1e7

Download Submit