6c28f95f6485c8dd771f9290b1ed049523f4c41d8fb1594aeefc8a515388d30c

Analysis

max time kernel
147s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tor-browser-windows-x86_64-portable-13.0.8.exe
Size

97.0MB
MD5

9f9927b21eb646f4eecc1a1fa69babea
SHA1

1ec9c5f4a869b18555787b2913c1011d66f992df
SHA256

6c28f95f6485c8dd771f9290b1ed049523f4c41d8fb1594aeefc8a515388d30c
SHA512

9c1563efcbc35a43faaf8f44bb7bae806e226b537936972ad45a18a0e07de5c472bbc05279507252af0324a08bf2fd563e0b4bf6a2688dd46818bb46c952dc73
SSDEEP

3145728:qJX1bSS8ucseZsUKSlXz3diNSefUr9AQOt3:qJlG0eFvl4NbUr9AQY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2136	tor-browser-windows-x86_64-portable-13.0.8.exe
2136	tor-browser-windows-x86_64-portable-13.0.8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2136	tor-browser-windows-x86_64-portable-13.0.8.exe

C:\Users\Admin\AppData\Local\Temp\tor-browser-windows-x86_64-portable-13.0.8.exe
"C:\Users\Admin\AppData\Local\Temp\tor-browser-windows-x86_64-portable-13.0.8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsj9C61.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9C61.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
memory/2136-11-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2136-12-0x000007FEFB7C0000-0x000007FEFB7CF000-memory.dmp

Filesize
60KB

Download