f54c4f803088e493a94c8f24d334d9849543def50bb0ec8cf47dfbbcc0754622

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sysdiag-full-5.0.75.0-2023.11.20.1.exe
Size

22.7MB
MD5

eafc7638c1fc98d5f4b5d4545daa8d74
SHA1

aa4c02e712f4f0933f0df38290b43b01b1ae4ef9
SHA256

f54c4f803088e493a94c8f24d334d9849543def50bb0ec8cf47dfbbcc0754622
SHA512

fab097ad33006ebdfa8da2d895c433ddb0d5cd2807e3362959de0dd3b4ec681f6cb13015d3cf929b5c823d94b59d36b4354faf26ce2b95ee0adbade6a579394a
SSDEEP

393216:DRAv+30U9JPW02lcB0cBo2KDLedMlHH5YthB/JYi3w9/FaAB/s3vXY+u:DGv+3C020o2M+mHEz/JDQN7Bkgh

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Loads dropped DLL 3 IoCs

pid	Process
2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe
2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe
2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe
Token: SeLoadDriverPrivilege	2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe
Token: SeDebugPrivilege	2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe
Token: SeLoadDriverPrivilege	2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe
Token: SeDebugPrivilege	2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe
Token: SeLoadDriverPrivilege	2348	sysdiag-full-5.0.75.0-2023.11.20.1.exe

C:\Users\Admin\AppData\Local\Temp\sysdiag-full-5.0.75.0-2023.11.20.1.exe
"C:\Users\Admin\AppData\Local\Temp\sysdiag-full-5.0.75.0-2023.11.20.1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd5285.tmp\inst.ui

Filesize
318KB

MD5
219caaa57670099370bc290667128569

SHA1
5bb3fd9f311770e0d66b9df53945b0b76932dfc2

SHA256
aebc8581759d5d3edaa8e8d0e887eb8467d502b76682b602aa26d4d29e7b0906

SHA512
aae6bcec57e85a619901ef3c9275b1ed23f162a666a8b95b8dd10fccdfade935f87e3514aeaf7ba3b6b5ef359a61aa2737ac5946568a3af597738d92c75037a1

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5285.tmp\DuiLib.dll

Filesize
260KB

MD5
36e479e88f5e5998ddf334214327338f

SHA1
c3bae0ff982f44cd40fffccff6cca58893fb6096

SHA256
837bf77527b135a664087b7f9a8af188e624d4ff884554b053dda7233c0c1793

SHA512
177702b09a1103b1fc7c350468c1857a4f745b1065f6196ad8b528c6f0ff9e923ae7d3be2ffccde1fa8e7e80d9064a6eae4e564761fef77deb6f70dbf1b25736

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5285.tmp\System.dll

Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5285.tmp\installer-helper.dll

Filesize
282KB

MD5
0d61a704af7ab5f7b4dcbc6c4df64424

SHA1
84c045e2b7d405fa0b85f9064f8a0b5b9467d99a

SHA256
cacc494160d27ce2424d1a8d0160c28c9356e761012343cebcc7ab93fc866626

SHA512
d1777d1ff2234c17a1cc931aa124943884e491d4d11f4d3dc2a11c70042bb955a5b149937ed5f399f9e549a1b66d9e53aa500653f62dc9c0c7b06670eb9c41c2

Download Submit
memory/2348-23-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download