2064f93a1a6177c68c6d2c50c8fdaf26d1b3b62650aca9bc20bad8121d55367f

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cc606fe81fc547459587cc217b3ea6c.exe
Size

388KB
MD5

3cc606fe81fc547459587cc217b3ea6c
SHA1

d631f8b6349bcd96ad179d5ef1eb106659623e5e
SHA256

2064f93a1a6177c68c6d2c50c8fdaf26d1b3b62650aca9bc20bad8121d55367f
SHA512

634868c0abb9ff1dcce2f8c96651da11fd29dfa4a8c170601e4ef048f55f9614d54ec979b18c535b9d3b51479fdc4a87c8b47a64d57d132fe6b942685b9c0104
SSDEEP

6144:KQ3/9nM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2wdQ3/nQd:X9nM3D0Fw/tN8dkmLtpHHHrh7kC1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2080	Au_.exe

Loads dropped DLL 3 IoCs

pid	Process
2080	Au_.exe
2080	Au_.exe
2080	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023210-4.dat	nsis_installer_1
behavioral2/files/0x0007000000023210-4.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2080	1556	3cc606fe81fc547459587cc217b3ea6c.exe	22
PID 1556 wrote to memory of 2080	1556	3cc606fe81fc547459587cc217b3ea6c.exe	22
PID 1556 wrote to memory of 2080	1556	3cc606fe81fc547459587cc217b3ea6c.exe	22

C:\Users\Admin\AppData\Local\Temp\3cc606fe81fc547459587cc217b3ea6c.exe
"C:\Users\Admin\AppData\Local\Temp\3cc606fe81fc547459587cc217b3ea6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
92KB

MD5
e775b197c0996677091f88a7551b7b47

SHA1
65fdff087fd913f92c6b23065d18cece3a3adecb

SHA256
7946a84269798e1a14a7e8b189b7106b05e944a116d2069e5a3b26fc904db3e9

SHA512
f2168916e65f5532ac2a2f0af01d8d4c956f7262741aa14822bf14fd8da8cc4072738dbe2cbd3db08bcb995024dcadd1612b5c850e9f48c64f9d29dec23f06f5

Download Submit