e4ba99c960e6a5954ebf39d79485971ba33b45332cef0ac72efc5b79437b92fd

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

280518760738f09e4be487770f236164.exe
Size

145KB
MD5

280518760738f09e4be487770f236164
SHA1

8eaf8130c37a3993740abea935a833e03372e2d4
SHA256

e4ba99c960e6a5954ebf39d79485971ba33b45332cef0ac72efc5b79437b92fd
SHA512

ae2129e7f4566c26fb7e2c126d9c673d9f58e225dfc0dc4836669f53ace1bc0a8f3a3d689e1d10cbfd2f7937ad6e1bb44be3157be9fbb576c9f4601439916df4
SSDEEP

3072:K4ggWKpa/cdiJUjd/c9cQ+Nlq/vNXhZuODjel7/M9h14enT4wo:xHa/Gbjd/CL22vNXhZuGedGh14M0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
2232	280518760738f09e4be487770f236164.exe
2232	280518760738f09e4be487770f236164.exe
2232	280518760738f09e4be487770f236164.exe
2232	280518760738f09e4be487770f236164.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\280518760738f09e4be487770f236164.exe
"C:\Users\Admin\AppData\Local\Temp\280518760738f09e4be487770f236164.exe"
1⤵
- Loads dropped DLL
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd1019.tmp\NSISdl.dll

Filesize
12KB

MD5
e4145a76f37b199c3cb9ab8d23c3c1d6

SHA1
b6beecaaf0f29d02f293e07954ebd7f7df25160b

SHA256
ab657405df2b4d86793a4959a7c8c86ffbcc732733bc884f001fcb1219e68a9d

SHA512
9fe0796a76998b80c2d34825ba0256147cb8104bf2b39fa3d8642ab8a7ef99cf2fd9715bb73661b4e42c47125a22d96e1e85abb88018bfc97548823f7a254b06

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1019.tmp\Splash.dll

Filesize
4KB

MD5
086ecd24cb4b2e25611bbc54e4939643

SHA1
8e409dfc32462138a18777589a9f35602097a2f1

SHA256
7cc10ff0b6aa730f180614ae367d8f4ce6a81945ae71fb86ae7008eede88f966

SHA512
2a556679b4cf1c20978f5e305af73a17b9e14a1c6cde39a59aeef0ca0cdef95b22bb4dd89ffd05b544e8aed2fb1140879eaa0d52c8cd20e199b056fe82c91591

Download Submit