Analysis
max time kernel: 142s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 01/01/2024, 08:35
Static task: static1
Behavioral task: behavioral1
  Sample: 3c631b5651a41842151171ee98b155be.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 3c631b5651a41842151171ee98b155be.exe
  Resource: win10v2004-20231222-en
General
Target: 3c631b5651a41842151171ee98b155be.exe
Size: 75KB
MD5: 3c631b5651a41842151171ee98b155be
SHA1: e365837a275b6c79192cd87a3f4c7659987766fb
SHA256: e1fc1bbaf6c3144462068e645b3fdfafcbc3956fc055fbba3e0a2ea2ac11b2ba
SHA512: f86d393c44fdbdc401fbea4e3d5d7482f557d970539e269577554686554b427dfefdbbb8f7fce50b32117b2a7627e3702befe4bd34b95f350e3eb7b13a3e93df
SSDEEP: 1536:4MHxqNxd3xtdTfzHyl9X3BJeUjlwYOkJWF3TvIqBNpISL:JHxOdljyj3BJeUjhJWZXHL
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  PID   Process
  2240  Au_.exe
Loads dropped DLL (2 IoCs)
  PID   Process
  2536  3c631b5651a41842151171ee98b155be.exe
  2240  Au_.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
NSIS installer (1 IoC)
  Resource                                  YARA rule
  behavioral1/files/0x000a000000012251-2.dat  nsis_installer_2
Suspicious use of WriteProcessMemory (4 IoCs)
  Description                        PID   Process                                   procid_target
  PID 2536 wrote to memory of 2240   2536  3c631b5651a41842151171ee98b155be.exe      28
  PID 2536 wrote to memory of 2240   2536  3c631b5651a41842151171ee98b155be.exe      28
  PID 2536 wrote to memory of 2240   2536  3c631b5651a41842151171ee98b155be.exe      28
  PID 2536 wrote to memory of 2240   2536  3c631b5651a41842151171ee98b155be.exe      28
Processes
1. C:\Users\Admin\AppData\Local\Temp\3c631b5651a41842151171ee98b155be.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3c631b5651a41842151171ee98b155be.exe"
   PID: 2536
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      PID: 2240
      - Executes dropped EXE
      - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 72KB
  MD5: b13935bfa7a3e43c112bd9fa02f08f28
  SHA1: dec4f136057097c412f53c2ae41b80a8ad0c6810
  SHA256: 796f7efb91904fa4105528e18f6f87e3fdab9a070dabef83e02f9ae375b2b060
  SHA512: 1b92cde7bf74fc181b4d2602a269ef1f581b75eb67e3e46b256ddaddc153b95ee17d422a56ca04d68eafe61ab468b708f7f3691f3b47c554a67af00d49b2709a
File 2
  Filesize: 75KB
  MD5: 3c631b5651a41842151171ee98b155be
  SHA1: e365837a275b6c79192cd87a3f4c7659987766fb
  SHA256: e1fc1bbaf6c3144462068e645b3fdfafcbc3956fc055fbba3e0a2ea2ac11b2ba
  SHA512: f86d393c44fdbdc401fbea4e3d5d7482f557d970539e269577554686554b427dfefdbbb8f7fce50b32117b2a7627e3702befe4bd34b95f350e3eb7b13a3e93df