93be92d273232fc93576317906e3e1c2232c52fa80f14cbf8cf9842bfb8c6fa3

Analysis

max time kernel
146s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

514990d00a1a63b03c3fde33690a866a.exe
Size

56KB
MD5

514990d00a1a63b03c3fde33690a866a
SHA1

10fdcc35d04969f255d8471a475ac495dca767f0
SHA256

93be92d273232fc93576317906e3e1c2232c52fa80f14cbf8cf9842bfb8c6fa3
SHA512

5f5c492d1daaf10ec0c797649a748c0b0400117da625721dfa2d222469244df8f5f8cb339eaf96d8e807f6d2ba0e8cc822058b83669f74f4b722a61e7f029fc2
SSDEEP

1536:nyZMSZFvknTePMZd4k4kJJ/V0GCxBFQVy8uo2ODZQg4U:yZMJnTeM4cJJ/V05fFZ8COFQg

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4828	514990d00a1a63b03c3fde33690a866a.exe
4828	514990d00a1a63b03c3fde33690a866a.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~1\INTERN~1\ieframe.dll	cmd.exe
File opened for modification	C:\PROGRA~1\INTERN~1\ieframe.dll	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 972	4828	514990d00a1a63b03c3fde33690a866a.exe	24
PID 4828 wrote to memory of 972	4828	514990d00a1a63b03c3fde33690a866a.exe	24
PID 4828 wrote to memory of 972	4828	514990d00a1a63b03c3fde33690a866a.exe	24

C:\Users\Admin\AppData\Local\Temp\514990d00a1a63b03c3fde33690a866a.exe
"C:\Users\Admin\AppData\Local\Temp\514990d00a1a63b03c3fde33690a866a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
  2⤵
  - Drops file in Program Files directory
  PID:972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ife.txt

Filesize
7KB

MD5
1a2ec28451d4b8539f287e08a67ad781

SHA1
4234d52ab75e3f49bd0cbb5598163d57954c35ba

SHA256
87b0f3e04871b72e870c97990b95138653c82d128b47c10da7dbcfd366e14998

SHA512
bb33ad75fddf0bc27c748967a71f7261a2ee91fdfdcc9f575a48899e6d9fb1ff3e6544f132a053dc3d1601857d1b0cc9280ce8533f970fdb29101b9b47615a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse440F.tmp\nsExec.dll

Filesize
5KB

MD5
761cfdc457a6f82f8b130d6d43a8b276

SHA1
33e82b5dc85f30a0c0c2df579081e1aa646c693c

SHA256
e039466351be577fd92057d478a38624d5302014ad62fa2cb3ff11b8082100ac

SHA512
86fbd1f162b4521b8e0daac4ba8dde741719e383b5871e621f8ac9b424d223114aa3f8e7b464026927b62e7e7f45a865d3884ba4a468f8bd71776248233c7030

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse440F.tmp\nsExec.dll

Filesize
6KB

MD5
e54eb27fb5048964e8d1ec7a1f72334b

SHA1
2b76d7aedafd724de96532b00fbc6c7c370e4609

SHA256
ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

SHA512
c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse440F.tmp\time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse440F.tmp\time.dll

Filesize
6KB

MD5
cfbe23338eb1b18ca617ceefc771aea1

SHA1
7b66a5df78006cb257261e9462fcafc1e89c5e85

SHA256
07468ef2a54c8413aedecf72c31fcb1df9b9eee9e9334088340a96663f45cf90

SHA512
bedff8fed49377cca1faa3847b2d6595efadae378af7b76668c60ad7d96c1bf6423fe81dacf20d8e0880407f2984c57c51618061822a4cf8dd8d338cb0b6516d

Download Submit