28fd607658e9407c5808f01624084fbf8fde13717229f60d495de4f54ad4a992

Analysis

max time kernel
144s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3877b269f325a753eb666a3062d81a4b.exe
Size

555KB
MD5

3877b269f325a753eb666a3062d81a4b
SHA1

8c65ace2590289e86a498d38f069b666d020e5ac
SHA256

28fd607658e9407c5808f01624084fbf8fde13717229f60d495de4f54ad4a992
SHA512

81f58dea62d7d4c87c09c0ff81773fac16a2660d52eb17498d49d53e76a42e4c46e6e4ba30bc02f10c9bd945efdb416a2411c6fd3681cf147b8a7a65f5db055f
SSDEEP

6144:Je34R2ps+Mzh36dqXEV2rnCeZG/t7FTBqTzP7n7O7L6K2Bfo7pN:h2qxzh36VV2Go0ZTsnz7O7L6ju7pN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2012	3877b269f325a753eb666a3062d81a4b.exe
2012	3877b269f325a753eb666a3062d81a4b.exe
2012	3877b269f325a753eb666a3062d81a4b.exe
2012	3877b269f325a753eb666a3062d81a4b.exe
2012	3877b269f325a753eb666a3062d81a4b.exe
2012	3877b269f325a753eb666a3062d81a4b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3877b269f325a753eb666a3062d81a4b.exe
"C:\Users\Admin\AppData\Local\Temp\3877b269f325a753eb666a3062d81a4b.exe"
1⤵
- Loads dropped DLL
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd68EC.tmp\BrandingURL.dll

Filesize
1KB

MD5
d1a3e5879b115dd095d50ebf60a803e5

SHA1
4c31a96e65c0f369334291ce85392122fa4f0dab

SHA256
1c1eb5301ca20ecc3e10877172242915ab92aa4858f1fccc01cbde51724bf35a

SHA512
dedf5fa9bc903e2c28479d87f6dfcfd78ceb532fabb73d06b5b1f5341d7dbee87eb04cefec5b8c1bd1521ca6134afc7eea09babe29a6776ab92bbec9d42badf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd68EC.tmp\InstallOptions.dll

Filesize
13KB

MD5
dc83791a9aebeecd626cf041510bb59e

SHA1
07e86a628650120fe6d0a255374a0b3d9459be93

SHA256
f988f5ba267460b678db5538de4b4865325e21a75bc9dec745842d156af3e033

SHA512
6eff3ff19683f73d40b278483b45ce349d8236fa1ea942a2dbb86d90e7c21a19d26e30c8c778e331d643e4572a7d048de415c8220651e2bc288e7c53da12951b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd68EC.tmp\InstallOptions.dll

Filesize
1KB

MD5
3329d38032108baa7b6ae7d7f3b1d0ad

SHA1
ebfcc90ad9c2da4b3434fe0bb71ee2126566cad8

SHA256
02e5512741a1f10089165c72cad4acfab89a2b2eda022fef74bc5ce397db6d77

SHA512
950f0d42db048f21a71e15afe3fbc4bc607dd754b84907039f76edc1dbf0d6c44157d57ac629a1a1d2e846d153b49a2482ad8e257b817c629a196db4bf65c29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd68EC.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd68EC.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd68EC.tmp\UAC.dll

Filesize
17KB

MD5
09caf01bc8d88eeb733abc161acff659

SHA1
b8c2126d641f88628c632dd2259686da3776a6da

SHA256
3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

SHA512
ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd68EC.tmp\ioSpecial.ini

Filesize
1KB

MD5
275bb6430a332bc8c51ad774ad3666e0

SHA1
a8ad6f6e697f606cf5261428e5e78e1adac20261

SHA256
1c09c742dca8630f6477e0db171d83f85427ac8488096ed5017e4f13a6461ab8

SHA512
c2bbf726c5662b7547bad0d7ba8bc71862cc56e66d3a01e05c7e99d750f2f7aa6856e2b3fe365ac77ecd642766e3fbe5e5e178f3a601cd9697da74e5784a4da9

Download Submit