d2bc8d01b79e6d96cdbf0ec55fbf4ebc8d3184df254d9a5af2dcfa8e099f51d1

Analysis

max time kernel
178s
max time network
31s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24b06cf8c84fcb5e8e05f976a227923e.exe
Size

281KB
MD5

24b06cf8c84fcb5e8e05f976a227923e
SHA1

207b4713304b1236cd9956cad7c77e842a47f001
SHA256

d2bc8d01b79e6d96cdbf0ec55fbf4ebc8d3184df254d9a5af2dcfa8e099f51d1
SHA512

ac4a29e25e26d19f32d81b2c117dc921a69b2445115f3a2816ac6cc8e1f317cecbc1501cff2bfe076721fe0485e0a320ec714897cffcd5aff5e9809248ae7b33
SSDEEP

6144:iJgaWgScQj8JcWCAiplVSIuDgB/+kU24LIDAiqqhcnnoS0:KCcXEFYIEe+kUJMA7oF

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2900	24b06cf8c84fcb5e8e05f976a227923e.exe
2900	24b06cf8c84fcb5e8e05f976a227923e.exe
2900	24b06cf8c84fcb5e8e05f976a227923e.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2900-0-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral1/memory/2900-87-0x0000000000400000-0x0000000000434000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2900	24b06cf8c84fcb5e8e05f976a227923e.exe

C:\Users\Admin\AppData\Local\Temp\24b06cf8c84fcb5e8e05f976a227923e.exe
"C:\Users\Admin\AppData\Local\Temp\24b06cf8c84fcb5e8e05f976a227923e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse3E5A.tmp\ioSpecial.ini

Filesize
700B

MD5
c4176b0e9aa1554fe9878d986be23ca7

SHA1
1f43ae96629695fe7681e77c867b3e872b308b5c

SHA256
c9681dfeb62d173b2f47ea46a9adf0d4ea2a0995efa63fabe8187dd88e140d0b

SHA512
b1e0328481d56e71247dedc1d6680c92f0e5763f7dcb6a83becb9f7d123d738730141374becf87e0384fa4567e5549dd1015103ba32c59f31aac40aac12c91e0

Download Submit
\Users\Admin\AppData\Local\Temp\nse3E5A.tmp\InstallOptions.dll

Filesize
12KB

MD5
83304a78d2b6ea45ea8404f4cd78721f

SHA1
d5c5d19653c751c08579dd094bcc9fef1841af00

SHA256
92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

SHA512
94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

Download Submit
\Users\Admin\AppData\Local\Temp\nse3E5A.tmp\System.dll

Filesize
10KB

MD5
d4d09da0218ba046a66a294f0cca9dfe

SHA1
417b1acdeb0a4de6ac752a93080ca5b9164eb44b

SHA256
9090e47d239aa1da9598a483861165e0153c01ad9ff9d65cb6c0f4497a1da5b3

SHA512
3bc9a65842301dab56c139cc5a3457158d37ef294583728c93da1e11ae457df9551b0f8fbd03d5ea3058f3bc794d0ede57ea3efd5d663b45d25647a39cd955bf

Download Submit
\Users\Admin\AppData\Local\Temp\yok\PROTECT.dll

Filesize
48KB

MD5
3a38458bb8b1c29daf036069f932561b

SHA1
61e6f0c7253a3cf0227d6726a4fefcff61932830

SHA256
295473742bb0a486cee8dce80e87201109c1e623e4ce3160dc4cfdd8e8318974

SHA512
5c8736402d68615d7b0eb5fcd4730df6878953231a436fb47a196dcc67420a598570e1eb9d083b1690c2cabc7ca3bcf2f7e8084e48c234901ca7ca0d32446b79

Download Submit
memory/2900-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2900-2-0x0000000000240000-0x0000000000274000-memory.dmp

Filesize
208KB

Download
memory/2900-1-0x0000000000240000-0x0000000000274000-memory.dmp

Filesize
208KB

Download
memory/2900-87-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2900-89-0x0000000000240000-0x0000000000274000-memory.dmp

Filesize
208KB

Download