94c404d09277fe88f9cf089b2a2a6be423857832601308ba0786a23aa64ab063

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24dcc18c6b461abd257a4fc08b73d87b.exe
Size

9.9MB
MD5

24dcc18c6b461abd257a4fc08b73d87b
SHA1

f31ec0f8663b5fe53bc9cf3a968d85c21d868528
SHA256

94c404d09277fe88f9cf089b2a2a6be423857832601308ba0786a23aa64ab063
SHA512

061abef10070091606d8a9a6e9a85e0672c6d126b25915d5af8701a205bc3ae0b0fa62a2172ac9d842d51f16c72d08793b1886aada3944c18e8655e8e11c8f48
SSDEEP

196608:d6EA2JRCnw28bdHrHTSKPkRy+A2S9XnaILfaNcDVuCu8y:dRRGEHP9PkR8n1yNcDVvur

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1724	24dcc18c6b461abd257a4fc08b73d87b.exe
1724	24dcc18c6b461abd257a4fc08b73d87b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1724	24dcc18c6b461abd257a4fc08b73d87b.exe

C:\Users\Admin\AppData\Local\Temp\24dcc18c6b461abd257a4fc08b73d87b.exe
"C:\Users\Admin\AppData\Local\Temp\24dcc18c6b461abd257a4fc08b73d87b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy6A29.tmp\ioSpecial.ini

Filesize
610B

MD5
d50a048edf7d92a62051651434a43918

SHA1
4d9de2a578d6eba85f640e8937f29981efdfb3c4

SHA256
df58c85b43d125db7bb2bf89f7e0c31e19c1848dcf39bbb425efeed85f403c09

SHA512
f9462e6da2be9e6c91ce460154f92ff338b1d207da47d31ae77248d14e1a7726b8ed24e0cb0fea003f17863b903a6082da3095b011e953714c65ae086561a386

Download Submit
\Users\Admin\AppData\Local\Temp\nsy6A29.tmp\BrandingURL.dll

Filesize
3KB

MD5
9c3488b5e9655d1837c3963ecec33f70

SHA1
f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

SHA256
05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

SHA512
6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy6A29.tmp\InstallOptions.dll

Filesize
14KB

MD5
b18dfaded8f6d2380fdfd8f6b6969211

SHA1
969fa0e906240ab1123254feeb833c275626cf76

SHA256
747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

SHA512
25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

Download Submit