1f2405740435571205a1a46fb269655fd16c471c339e9955497d9d4269f384b7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

441edc06edc9a7c34e587cf3b25ee546.exe
Size

1.7MB
MD5

441edc06edc9a7c34e587cf3b25ee546
SHA1

d1641f4c5937460fefef5ef9dca4fbce31923320
SHA256

1f2405740435571205a1a46fb269655fd16c471c339e9955497d9d4269f384b7
SHA512

2a72784b30ca9a0e18bedbd90e0188c5c74867868196f1a7a6c517f6eaa7d159f398a465bfa075d5fbed74a858777f0729383f65f3af5897c8026f63ba9a7b2d
SSDEEP

49152:KJ0c+hkSNbLjlFYa9QMLA5j4YcGb1S6w5WW:gxalbLjHY4Qjl1u

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4508	441edc06edc9a7c34e587cf3b25ee546.exe
4508	441edc06edc9a7c34e587cf3b25ee546.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\441edc06edc9a7c34e587cf3b25ee546.exe
"C:\Users\Admin\AppData\Local\Temp\441edc06edc9a7c34e587cf3b25ee546.exe"
1⤵
- Loads dropped DLL
PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsv47C9.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv47C9.tmp\NewAdvSplash.dll

Filesize
8KB

MD5
9bc6c411efa742a5de7d8372afafa2fa

SHA1
2b57865e87c7ca2db97d0296d8cbe0183df2c2cf

SHA256
0cac914c87d4e73875dea8544391e383f441d624ea5ec9a4864d056db161206c

SHA512
092ef3f13a71a46df0f78a3b5eb4492bee32f1a12be27e0c534638ec7723b2a9aac23391768c352289df6a8988cbc6cf96ea22d8f1983b5ccf609e08d1db4bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv47C9.tmp\ioSpecial.ini

Filesize
594B

MD5
d58d418563eb6b8d99e82af78d5d7b9e

SHA1
7a9e67d986fb3278b667aaada70039007d662314

SHA256
2a1f64138208167e783db63118efb56020fba4cde6f5952b1754c23cf438f7c0

SHA512
dfff8928c2da55f9c812a6ea355474b0ea3f7e2fd640f2ec1820654da77329426e0a42a21f3f3bbf04a2e25312f5b5337454b3c0a072685a006772c4c1bd4be3

Download Submit