e777266c9eacd94d02816c17f8e07e8328ea500ac0a63d61432562750cad74c7

Analysis

max time kernel
117s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53da0dbb6f1cea304568b278d1a1d098.exe
Size

92KB
MD5

53da0dbb6f1cea304568b278d1a1d098
SHA1

9ff7df46a012aadd8b2f05478b1ca792b00e2a97
SHA256

e777266c9eacd94d02816c17f8e07e8328ea500ac0a63d61432562750cad74c7
SHA512

61fe2b925a0237797e8ffa5f9d2879ff5f40ba61e03aadbee1bc8728294e7a152ef326e7aaebd7438b358bde21179fe6f0ff021b7133a18287346e79ae83a3e2
SSDEEP

1536:GWOg/+vOxt0c5hfHP1qlmv60lHj4UraTPVPSPkP4PjPAkbohaWdV7lObdEZxHwAx:GjA0c5Olmv60l3LbohaMAuwiNCP7+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	npkit.exe

Loads dropped DLL 2 IoCs

pid	Process
3036	53da0dbb6f1cea304568b278d1a1d098.exe
3036	53da0dbb6f1cea304568b278d1a1d098.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3036	53da0dbb6f1cea304568b278d1a1d098.exe
2900	npkit.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2900	3036	53da0dbb6f1cea304568b278d1a1d098.exe	28
PID 3036 wrote to memory of 2900	3036	53da0dbb6f1cea304568b278d1a1d098.exe	28
PID 3036 wrote to memory of 2900	3036	53da0dbb6f1cea304568b278d1a1d098.exe	28
PID 3036 wrote to memory of 2900	3036	53da0dbb6f1cea304568b278d1a1d098.exe	28

C:\Users\Admin\AppData\Local\Temp\53da0dbb6f1cea304568b278d1a1d098.exe
"C:\Users\Admin\AppData\Local\Temp\53da0dbb6f1cea304568b278d1a1d098.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\npkit.exe
  "C:\Users\Admin\npkit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\npkit.exe

Filesize
92KB

MD5
039651dc7a01c3cfe30e283ad6df9ade

SHA1
ee3b4709a04c87dbce429aae0e9a7f51cf6e4ce7

SHA256
20207b190ea332b3e6df718e22d313d2529671dc126cc6742e2361117da43ae3

SHA512
a51ba3f063b41cd5e4621cb3d263db85c7bc1915291233034e83d7926451361a4707531ba6a6fa5ade7fb290c79e4a3670c635a8c808d0b2dfb632b7e5527d5a

Download Submit