6f45377781c6e3d48128293e2964e9f5270386e17823795cd81c82fcdf431147

Analysis

max time kernel
94s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66a6bf14e235d55ee2cf521eacfa2ff0.exe
Size

57KB
MD5

66a6bf14e235d55ee2cf521eacfa2ff0
SHA1

5484199fd6a042fb097f038538cdb0b5f372e32f
SHA256

6f45377781c6e3d48128293e2964e9f5270386e17823795cd81c82fcdf431147
SHA512

40f3482cbe5f6a19388ca9f156a887be9c27fb6d804021fd94c3190ce69b2f36e8dbb7f0232174b8e8e9fa465de7382089dcff1a084d99ffc6ff694650cb5c31
SSDEEP

1536:WqBwbLWJLJFKqAZzrZA4kJJeVlAfEXhYj9e++W7BVXfA:WqBFJLzgOJJyw029e+HdV4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4832	66a6bf14e235d55ee2cf521eacfa2ff0.exe
4832	66a6bf14e235d55ee2cf521eacfa2ff0.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~1\INTERN~1\ieframe.dll	cmd.exe
File opened for modification	C:\PROGRA~1\INTERN~1\ieframe.dll	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 2384	4832	66a6bf14e235d55ee2cf521eacfa2ff0.exe	87
PID 4832 wrote to memory of 2384	4832	66a6bf14e235d55ee2cf521eacfa2ff0.exe	87
PID 4832 wrote to memory of 2384	4832	66a6bf14e235d55ee2cf521eacfa2ff0.exe	87

C:\Users\Admin\AppData\Local\Temp\66a6bf14e235d55ee2cf521eacfa2ff0.exe
"C:\Users\Admin\AppData\Local\Temp\66a6bf14e235d55ee2cf521eacfa2ff0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
  2⤵
  - Drops file in Program Files directory
  PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ife.txt

Filesize
19.4MB

MD5
deedce1cd2302d783638209488566f39

SHA1
5315e9293844244a604aa8409bd713eb18591ad9

SHA256
77277a3aaf30c6e585b324a5bedb789fa9759cce00b6f8f60b3677aa060f7de8

SHA512
839fafc06ccbfe64d730b54097b490376357fd71897f441c7c7fbda1c47c1e043be774191330d7b83b1d366efda5019cce206878b55163c543b8f9466fb7bf86

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6CD4.tmp\nsExec.dll

Filesize
6KB

MD5
e54eb27fb5048964e8d1ec7a1f72334b

SHA1
2b76d7aedafd724de96532b00fbc6c7c370e4609

SHA256
ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

SHA512
c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6CD4.tmp\time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit