Overview

overview

7

Static

static

3

5a12007875...9b.exe

windows7-x64

7

5a12007875...9b.exe

windows10-2004-x64

7

$LOCALAPPD...er.exe

windows7-x64

7

$LOCALAPPD...er.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$LOCALAPPD...R0.dll

windows7-x64

1

$LOCALAPPD...R0.dll

windows10-2004-x64

1

$LOCALAPPD...SA.exe

windows7-x64

6

$LOCALAPPD...SA.exe

windows10-2004-x64

6

$LOCALAPPD...CB.exe

windows7-x64

1

$LOCALAPPD...CB.exe

windows10-2004-x64

1

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...lp.dll

windows7-x64

1

$PLUGINSDI...lp.dll

windows10-2004-x64

1

$PLUGINSDIR/Setup.dll

windows7-x64

1

$PLUGINSDIR/Setup.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 02:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5a12007875a268dc0c74d10f2322119b.exe

  • Size

    660KB

  • MD5

    5a12007875a268dc0c74d10f2322119b

  • SHA1

    65a8f85b38f929449781c07c701b2b8b19091436

  • SHA256

    17da20b574a032fe666b373e92704b10ee26f3ab0a2a1258336e5d0aa9a6c2c6

  • SHA512

    9e224a4d4b25efc457e11a00b8927a44628c514cfde43c22cacca578e0547a1088a73bf61f243ce2eb00d50b46ca00ee4dec586ba428e3ebd3f0aace436cad1f

  • SSDEEP

    12288:Yt9I0PSltlNm30W0WbxEqFQH9l7bN2Q6hlmkguRtD+pY0Czi9e0/E/xZ:YpKlc0iFFQ38bnguPKpY0WVsEP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a12007875a268dc0c74d10f2322119b.exe
    "C:\Users\Admin\AppData\Local\Temp\5a12007875a268dc0c74d10f2322119b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2820

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsb4B43.tmp\Install.dll
          Filesize

          190KB

          MD5

          44919d5e213eafc7d4920768393ac022

          SHA1

          76decaa96c10257828ed65f95b2f560d5f8788b3

          SHA256

          52057def98ef4324dd47afbe4300aa5b9625a0457ce14051563eb0a3639714d2

          SHA512

          f632ca23b8b26e25f2b181eaff95dcb256b0fc69af486b8158ad490e560ffa5ec0139de7a8f8188ffeda83d8d2119da1172cdba760243bb25b3d42e057ea7678

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsb4B43.tmp\Install.dll
          Filesize

          173KB

          MD5

          61aa99315af60b87b46c54f257e4e458

          SHA1

          bf79fb1a04fa08388002f0edd63b8bdc150765c1

          SHA256

          3702c622bce4cb310ee82cc56d598bb9e9dee58ae98eb4390139421a07ef019b

          SHA512

          30aac5d0061fa0e2de4cb5ab617dd50c3f983b4f5396491b3c5875a4fc68c27488c1ca3a8667cb8c026075bd75c8d8d1346b255833209e77af20337968921d27

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsb4B43.tmp\Setup.dll
          Filesize

          70KB

          MD5

          9c8835822398961633c9d3310b496bc9

          SHA1

          b3b63d03f4404d5fc83381ae51674295f9d7afe7

          SHA256

          c6a82e900583a008d6eb44136da724feff6a308b9de729a4acc2da2ba1d13227

          SHA512

          2ee08d6017a857d46470d7502e2226fea4de580f70ecd8eb7b481135ea9005188c45987da201db4813f6144505aabaabb652091ae3b41ba02ec78d5a33d7b3c1

          Download Submit