05fe1ece813243883d34016f86efd00d79f217ddf4f7c43cc03de862d770acfa

Analysis

max time kernel
1s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

108ea3a055c592be52d71d96d56231a3.exe
Size

212KB
MD5

108ea3a055c592be52d71d96d56231a3
SHA1

c6ebf574b881167180bc3eeb844cb66502886b6a
SHA256

05fe1ece813243883d34016f86efd00d79f217ddf4f7c43cc03de862d770acfa
SHA512

6aa1064805d18a6862fb05919a89a9ec4ecdbb372fb6f2b14c78d4d2647152d5090f5376a4ff457e951bd5add11e704d6f6c18a8340fc27192841e5b1bafa0da
SSDEEP

6144:lsg7FZUxe5yGjIn7us0Ia7KRAlNzjImVV0:TTULGjInptYflNzN0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2292	108ea3a055c592be52d71d96d56231a3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}	108ea3a055c592be52d71d96d56231a3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}\id0 = "01012024"	108ea3a055c592be52d71d96d56231a3.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe
2292	108ea3a055c592be52d71d96d56231a3.exe

C:\Users\Admin\AppData\Local\Temp\108ea3a055c592be52d71d96d56231a3.exe
"C:\Users\Admin\AppData\Local\Temp\108ea3a055c592be52d71d96d56231a3.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\accept2.bmp

Filesize
9KB

MD5
3333fc62c62f2f9f3342225dd66374b4

SHA1
de15e4426d8c0bb7010852e3da6ac72c188cc458

SHA256
0ac560ab6982a4c4e4fe0306316ba72274dd9042caefdfbb46712f3e7cc6a3d2

SHA512
c8afcbdd1c965a59aceb8c2b24dca9ffaec2c77b94096064b2cebcfda73add4a06ed83e2e1aa170844c1b948c3dfa389955ba17db9793d5a320c61c8b9111e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\inetc3.dll

Filesize
25KB

MD5
9d8ce05f532dc7b5742831ec8a63c2d8

SHA1
b014365f723c78a84bcdf8a46cfa016eb2b8dbc5

SHA256
fcc46c2e60931a76fe529a9fa5a85ba2f4bf7907d651161f92fc524ac4747982

SHA512
98f268bebf0c82d019873a7b109e1822011c0532e6a6d8ba94d2b8a918d9558f4db89100b6ee357c9c510ff56adc349e619489fd7e8d21e7f826877185ede3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\inetc3.dll

Filesize
1KB

MD5
5a25b7bc209e4d27dfcc1607e578b686

SHA1
cee71f248e9b75a2005398c931a8b42992fdc7db

SHA256
7b3ba30c113f9cf3f241f9084b32d995d1364c89f137380068a16af38e91aed6

SHA512
b73dfa4b6cff622f0aa84def0f76c5e43fd12cb210f0c1c3c5ee5c5caca0ba571c473de528653e1b5f128e1279ec05d7464810accd98bf66a5cbd53e1ae13b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\inetc3.dll

Filesize
5KB

MD5
85f86921871533aabf2e1d593e1699b1

SHA1
c0c2d672fd3e81ac1a4e1186e0abb7210b544186

SHA256
9eed8ba55d9d0f91556612ff265fc232a9fe42a2668cc68aa30ce1289cf2bf46

SHA512
89524c2403c51b8889ae24114b179264747e3171b43036c72955b10f0372239197c5f6a61599ffbebfa884c1fbe2a0d139e24fc4053d4505c4bebc00d86859d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\nsDialogs.dll

Filesize
1KB

MD5
8cd3cbb8d61438d5fcb3fb4bce42c2e3

SHA1
7f7cdcb58a9c0972f899727c6ccb98730fbea430

SHA256
f714edbed0f2a9d7bfb97927781b5d6cfa4ebf853d428e77dd12600510750941

SHA512
767cfe35c8faf3934fcb82ea6d43185655e4e84ea7d5f6baa110ca0f2bef7d297c5dd38273502ec4aaaa3554fd77d92da91d50a25a62cbd0eae28859541fc459

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735D.tmp\nsDialogs.dll

Filesize
4KB

MD5
f90857642bbeecbc6a9b7a7b8349250e

SHA1
beb0c469899151ca510eb9c5ded970c99b5edc6a

SHA256
c869e2324d56483fdfda2c566eb07d4034e0d8dc8fcc19b62a7562290c18cc38

SHA512
39b3e376d6c5f0aee777e5b9a6b9968235e493d07cd945320be0cd9d4229f6237f567b6483b6d166e2aab2a8dd620f66e64421258b5da47469a3613fa7f050a2

Download Submit