Overview

overview

7

Static

static

1

42c18445d9...0a.exe

windows7-x64

7

42c18445d9...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 04:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    42c18445d96a39c37be048f1ab41ff0a.exe

  • Size

    149KB

  • MD5

    42c18445d96a39c37be048f1ab41ff0a

  • SHA1

    9294cdb3b9ea2274a0afbc67cf794534c09bb6d9

  • SHA256

    dbacb9b7892c2c3da4199610f203b91861678d45f9ecb386c978681ac20efa46

  • SHA512

    575f6aa8f5e8aedb780175af43d81fd6e1dfa5a76253249c8bbe8b860004ee42b8a6f46c551614959518183b369910b6b9d7ecb22a08d373342fa1e79a181503

  • SSDEEP

    3072:jmszWOITsEL50jl7ys4BBWcQQjazKQFcs2ENj5SEvrGAdEp:BzZZu8QjazKQFcs2HErGn

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42c18445d96a39c37be048f1ab41ff0a.exe
    "C:\Users\Admin\AppData\Local\Temp\42c18445d96a39c37be048f1ab41ff0a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2188

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\nso7E64.tmp\System.dll
          Filesize

          11KB

          MD5

          959ea64598b9a3e494c00e8fa793be7e

          SHA1

          40f284a3b92c2f04b1038def79579d4b3d066ee0

          SHA256

          03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

          SHA512

          5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nso7E64.tmp\inetc.dll
          Filesize

          23KB

          MD5

          7760daf1b6a7f13f06b25b5a09137ca1

          SHA1

          cc5a98ea3aa582de5428c819731e1faeccfcf33a

          SHA256

          5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

          SHA512

          d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nso7E64.tmp\nsDialogs.dll
          Filesize

          9KB

          MD5

          f7b92b78f1a00a872c8a38f40afa7d65

          SHA1

          872522498f69ad49270190c74cf3af28862057f2

          SHA256

          2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

          SHA512

          3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

          Download Submit

        • memory/2188-32-0x0000000002710000-0x0000000002711000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2188-33-0x0000000010000000-0x0000000010006000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2188-35-0x0000000010000000-0x0000000010006000-memory.dmp

          Filesize

          24KB

          Download