d2bc8d01b79e6d96cdbf0ec55fbf4ebc8d3184df254d9a5af2dcfa8e099f51d1

Analysis

max time kernel
197s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24b06cf8c84fcb5e8e05f976a227923e.exe
Size

281KB
MD5

24b06cf8c84fcb5e8e05f976a227923e
SHA1

207b4713304b1236cd9956cad7c77e842a47f001
SHA256

d2bc8d01b79e6d96cdbf0ec55fbf4ebc8d3184df254d9a5af2dcfa8e099f51d1
SHA512

ac4a29e25e26d19f32d81b2c117dc921a69b2445115f3a2816ac6cc8e1f317cecbc1501cff2bfe076721fe0485e0a320ec714897cffcd5aff5e9809248ae7b33
SSDEEP

6144:iJgaWgScQj8JcWCAiplVSIuDgB/+kU24LIDAiqqhcnnoS0:KCcXEFYIEe+kUJMA7oF

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
2144	24b06cf8c84fcb5e8e05f976a227923e.exe
2144	24b06cf8c84fcb5e8e05f976a227923e.exe
2144	24b06cf8c84fcb5e8e05f976a227923e.exe
2144	24b06cf8c84fcb5e8e05f976a227923e.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2144-0-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/2144-88-0x0000000000400000-0x0000000000434000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\24b06cf8c84fcb5e8e05f976a227923e.exe
"C:\Users\Admin\AppData\Local\Temp\24b06cf8c84fcb5e8e05f976a227923e.exe"
1⤵
- Loads dropped DLL
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsm7B48.tmp\InstallOptions.dll

Filesize
12KB

MD5
83304a78d2b6ea45ea8404f4cd78721f

SHA1
d5c5d19653c751c08579dd094bcc9fef1841af00

SHA256
92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

SHA512
94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B48.tmp\System.dll

Filesize
10KB

MD5
d4d09da0218ba046a66a294f0cca9dfe

SHA1
417b1acdeb0a4de6ac752a93080ca5b9164eb44b

SHA256
9090e47d239aa1da9598a483861165e0153c01ad9ff9d65cb6c0f4497a1da5b3

SHA512
3bc9a65842301dab56c139cc5a3457158d37ef294583728c93da1e11ae457df9551b0f8fbd03d5ea3058f3bc794d0ede57ea3efd5d663b45d25647a39cd955bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B48.tmp\ioSpecial.ini

Filesize
700B

MD5
e53c9da8d990d090c31bb1f5dbcafe59

SHA1
993d72adc83a979f934da6f99b13bfc64fd68f10

SHA256
8edf45f7cb65eee4db7160e79f4ea59282600fee731436b69addf0ca44192306

SHA512
4efd590ea88d2bfef3d94419738c99dd0e5ee4f61c2558ac467ef4ff8080811eae99844c65e9e24b727926d7fdc45b6bb8ebfa05fc2bb2031386365444841302

Download Submit
C:\Users\Admin\AppData\Local\Temp\yok\PROTECT.dll

Filesize
48KB

MD5
3a38458bb8b1c29daf036069f932561b

SHA1
61e6f0c7253a3cf0227d6726a4fefcff61932830

SHA256
295473742bb0a486cee8dce80e87201109c1e623e4ce3160dc4cfdd8e8318974

SHA512
5c8736402d68615d7b0eb5fcd4730df6878953231a436fb47a196dcc67420a598570e1eb9d083b1690c2cabc7ca3bcf2f7e8084e48c234901ca7ca0d32446b79

Download Submit
memory/2144-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2144-88-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download