c348c3547a41338f4667effbf98d24f3053dc1c4e43aebfa2b7878ed947bd2f8

Analysis

max time kernel
5s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AW24 minkoff ORDER EMBO 1.6.exe
Size

225KB
MD5

ffc1bd1e349b5c9be31fda329e2d3683
SHA1

a3872e64a202ff6e66ce01727f5bd36b6c931f95
SHA256

c348c3547a41338f4667effbf98d24f3053dc1c4e43aebfa2b7878ed947bd2f8
SHA512

bad8dc1034b865d89d9d4f9ca9561099df9d8fe36dd9b2d813ddc055e4e44f34c44eaaf78448f639e0d7feac855185078b8e178e6e65fc916e7a9d3de484a08c
SSDEEP

6144:F4t6LsbGsgXJWuP0y+s0MBKk6zhHBSUYNPZVY:FkbGsg5nPgs0E6zrSn

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

AW24 minkoff ORDER EMBO 1.6.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\fell.lnk	AW24 minkoff ORDER EMBO 1.6.exe
File created	C:\Program Files (x86)\fell.lnk	AW24 minkoff ORDER EMBO 1.6.exe

Drops file in Windows directory 1 IoCs

Processes:

AW24 minkoff ORDER EMBO 1.6.exe

description ioc process

File opened for modification C:\Windows\Harns\liniemssige.ini AW24 minkoff ORDER EMBO 1.6.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

3420 timeout.exe

description	ioc	process
File opened for modification	C:\Windows\Harns\liniemssige.ini	AW24 minkoff ORDER EMBO 1.6.exe

pid	process
3420	timeout.exe

C:\Users\Admin\AppData\Local\Temp\AW24 minkoff ORDER EMBO 1.6.exe
"C:\Users\Admin\AppData\Local\Temp\AW24 minkoff ORDER EMBO 1.6.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2100

C:\Users\Admin\AppData\Local\Temp\AW24 minkoff ORDER EMBO 1.6.exe
"C:\Users\Admin\AppData\Local\Temp\AW24 minkoff ORDER EMBO 1.6.exe"
2⤵
PID:3608

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "AW24 minkoff ORDER EMBO 1.6.exe"
3⤵
PID:3168

C:\Windows\SysWOW64\timeout.exe
C:\Windows\system32\timeout.exe 3
1⤵
- Delays execution with timeout.exe
PID:3420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\161FFB0F\mozglue.dll

Filesize
80KB

MD5
df9029cd9e376fb3bad196039267fdb8

SHA1
fe8a33565e1e45f354474362c987d2a9c3854e10

SHA256
eff0ea4993ff80ef926ced904157e43820143356ffb6402e9fa1b185077a2832

SHA512
1a26eb589192e027138c64218a698ab4d66f29a2cbc7241100f3e972217f1621a91308d488bf7dd239a7b7a42f2c8018865910bec261a85a2a54e36eb2fdeb17

Download Submit
C:\Users\Admin\AppData\Local\Temp\161FFB0F\msvcp140.dll

Filesize
151KB

MD5
d38772551bcf808093468fb4f6029224

SHA1
43856467307c8a4da309562c6ad7d5a65ceecc2e

SHA256
de042f903666055084f8d63404f36b3d905ebbbc32e27eadc601d1e77ae47991

SHA512
078d8da632da0f88a361ee3a2b2e83c42cfb16ddc26708ae95b1f061fc30a77e4fe561e9a70c06945755bdad10a9e33a4ca74a42e4f3228cd061abb91cec6fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\161FFB0F\nss3.dll

Filesize
192KB

MD5
bc110483bb570e7bedfb0618f5999f43

SHA1
41a1c8cd1e45cadb7651125c6e2ee61be79e8747

SHA256
a7211631e3b60a507c438d4a7ef4e66bfbc8ced93081e58d6d4ff204021cc47f

SHA512
7a012d310a340dfef86b4707ada10b50c4b129c95e052a2ab64c52fe0f064a3def60b4906214e866ffe5abd4309bd77dbc00096f632016212e21f62adce7952a

Download Submit
C:\Users\Admin\AppData\Local\Temp\161FFB0F\vcruntime140.dll

Filesize
76KB

MD5
6ad7e813c71a29033edfc86fc8eca742

SHA1
deac35bfff12aeb6a92c7c64250040fa6928c483

SHA256
fc5ac9b7e53270777f7c47667cf39be87606e067edc2f88ff42a3c6abf96dc87

SHA512
295d7acd16fbbb22bac78602d65faffcf85b9e3739fb0123ac02e061798da8a2a32f20b0f15a50775c227d2ad351ba32b4f9c3f0605a3a6b63829adb592ae349

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5D05.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
memory/2100-16-0x00000000049F0000-0x000000000625A000-memory.dmp

Filesize
24.4MB

Download
memory/2100-17-0x0000000077171000-0x0000000077291000-memory.dmp

Filesize
1.1MB

Download
memory/2100-18-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/3608-19-0x0000000000460000-0x0000000001CCA000-memory.dmp

Filesize
24.4MB

Download
memory/3608-31-0x0000000072D80000-0x0000000073FD4000-memory.dmp

Filesize
18.3MB

Download
memory/3608-32-0x0000000000060000-0x0000000000087000-memory.dmp

Filesize
156KB

Download
memory/3608-21-0x0000000077215000-0x0000000077216000-memory.dmp

Filesize
4KB

Download
memory/3608-20-0x00000000771F8000-0x00000000771F9000-memory.dmp

Filesize
4KB

Download
memory/3608-92-0x0000000072D80000-0x0000000073FD4000-memory.dmp

Filesize
18.3MB

Download
memory/3608-141-0x0000000072D80000-0x0000000073FD4000-memory.dmp

Filesize
18.3MB

Download
memory/3608-143-0x0000000077171000-0x0000000077291000-memory.dmp

Filesize
1.1MB

Download
memory/3608-142-0x0000000000460000-0x0000000001CCA000-memory.dmp

Filesize
24.4MB

Download