Overview

overview

7

Static

static

1

47dad07533...49.exe

windows7-x64

7

47dad07533...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    83s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 03:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47dad075332038ed55828351e4e8de49.exe

  • Size

    4.2MB

  • MD5

    47dad075332038ed55828351e4e8de49

  • SHA1

    50dc149746a201b9e07d0546a61aa591a1674832

  • SHA256

    f0bd4a0ba05a758667f784efcef889e4f3d30666c85128dc58d4df7f6462441a

  • SHA512

    a4ccac31a75d981e742bab3f8105de452d2d7efe4b12ab14b40f9c106b08b1ed9ad32fdd578693c41e4fa275755700bcc8146a28cb47fa701cb26b8c2fe6bb01

  • SSDEEP

    98304:wIAzxtNeRQRIEmJji0bGwZ3qh9nM9kSCEWFddJVbJ:wDtHei0bGwdqh1lSCPFdvdJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 16 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47dad075332038ed55828351e4e8de49.exe
    "C:\Users\Admin\AppData\Local\Temp\47dad075332038ed55828351e4e8de49.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\DLLWaitForKillProgram.dll
    Filesize

    28KB

    MD5

    9c4b8ec42d89f7557bfd90798ce52787

    SHA1

    2376dde426ea65aa27c30e304086310605382475

    SHA256

    ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

    SHA512

    17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\DLLWaitForKillProgram.dll
    Filesize

    25KB

    MD5

    2c2df40633edc7380496a530d7c1adb6

    SHA1

    0820d812dc9796567bf6bd1c5de8ac0a624ef741

    SHA256

    88363ad89bd8756a1bc0941020c6fd5d2a947ae79f2ad7b76f7048ac49fd48fb

    SHA512

    2658740261bba177fe6fa921795a382c35208a54bde40b4fb31d07d2af34eec03f50d15b94429c3a1ea5e3271619a8aeaf53513a93bbb8981fe120e8588088ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eef9e469e8a30717974499f277d97e2a

    SHA1

    2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    SHA256

    1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    SHA512

    d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\IsVista.dll
    Filesize

    44KB

    MD5

    344d13fd0fdd2d97e8d61960f40a8a30

    SHA1

    3f0f120203005eea3e8ed1652a6ea8a607ea934d

    SHA256

    17bb3331e2300aa01666fbee98b9552cec5e46212a4c5a340c0370b93df88f83

    SHA512

    b4e49c58503532e270cc369f1cbd14d85edd46da5ab034dad730bd4297887dd541d445d2fbf205820e6afbbdba7ab6d5b78b694467554320fd6db8e06fe4f719

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\KillProcDLL.dll
    Filesize

    36KB

    MD5

    6958016193a066833556992077bad4fe

    SHA1

    5f564945936f99381d7e2408f034f97d069005a4

    SHA256

    f38c669c87f2a73768a27a01622690997e9d93d5ca3830b349bd24c3ff9f8d2e

    SHA512

    fd6ab5c341b331b80c940ba97a2cd14547c796933a2df26d3dd87ede1602b86d9f8c37baebd7dd4c68d811199fc96a27ad4cb995bb8889d51af91db9f43ba0a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\VaccineTreeMsg.dll
    Filesize

    40KB

    MD5

    8ed31d5e359ff96bd050b50a4032e7cc

    SHA1

    d0bdb6586d14787f22f72986c7c4ad2e565a4205

    SHA256

    c880ddf653469608af56a06666d73a8b45def1a17d88bc02a03217290222e8d8

    SHA512

    c3cb518d1a622264f8f839078338c47257e67b8e269c35758f3ea672104d17b792dc0aa9dd0782b3745b8935418944555f854fa4c7ed157dfdd7db55bf621166

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\ioSpecial.ini
    Filesize

    688B

    MD5

    e300cbf1d28b9b2becffd5a18ebdeca3

    SHA1

    b8222cbf1515bfaa145723779427227c29707830

    SHA256

    3fb8ca3510462f02b5760885e1e4cd68d31eeb1ff7de31b8fe726e8fcc0aefd2

    SHA512

    dcbbc455f97185cedc17e4ea24bb410abfe4cea7434e16f7a8cde89ff6721bf67854af6532db1a5384182c15c99a131ee6346b116df5b9e13d3eb26d46bf76d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\ioSpecial.ini
    Filesize

    688B

    MD5

    54c2399e2ccf756d33ab0b05f47de76a

    SHA1

    a567ff55961ea22e9d2e890af0e3054fcf37faac

    SHA256

    c09899dcdfaf21004f94e6f1f3c0ae1c76dfd19843c51ae19bd5c2bfc8f61936

    SHA512

    a0926af32a7026f9d924351b44d0992857a1603c337c314063a74b59e3376107f30a0b6b59fd94664a72cb3bde9916be6601e23972740c0d96afd6aa92422314

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsa7AAF.tmp\stack.dll
    Filesize

    10KB

    MD5

    0f61a81a543822de5fcb9a8a43f230dd

    SHA1

    d01d4a0f542f3c654637fdfe5a574fe1f150ece1

    SHA256

    46b4a72ae8590b0afb3304cc5c13db0502bc4c4cb02f64f37c79008c17db814f

    SHA512

    596b7a897ba64c32e26ba6168aa3628aad37b187a9814a286298307d8c42eabf8e8a679dbda558f8b2cdc8676c94ec819256432aa5ad7c05a5387759262a4402

    Download Submit

  • memory/348-57-0x00000000023F0000-0x00000000023FC000-memory.dmp

    Filesize

    48KB

    Download