627711f7001665ef2d251b9fa25726994998a9620e78845c8b3c39ac77ac0942

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriverUpdate.exe
Size

1.5MB
MD5

b89b24d0dd48ab18a311a93861f15b11
SHA1

753c6bb449f41ee3f6afd1117d187da36b549874
SHA256

1987a62458bbae81497227f093e93880810fdb864ed69a7c1ff96a7e5c1c9315
SHA512

ae75692d17418234572608cb888b4b0fc67745ef4f3d50aa21a1e8d47c42c7d7a28dff730e357c0b0f21e8aacd7af5e09ff21de2f6e237119583d699bd57bf23
SSDEEP

24576:k7KTjHrzCMnXMwdkPV7tgv66DNY7uQQhmiIL4GhglTCOX/EGHh3YvMe:FjHrzCMnXMdV7tM66DNY79QQbLNgZfEb

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0008000000023210-32.dat	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023210-32.dat	upx

Loads dropped DLL 11 IoCs

pid	Process
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe
3936	DriverUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\DriverUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\DriverUpdate.exe"
1⤵
- Loads dropped DLL
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy43B2.tmp\LangDLL.dll

Filesize
5KB

MD5
ea60c7bd5edd6048601729bd31362c16

SHA1
6e6919d969eb61a141595014395b6c3f44139073

SHA256
4e72c8b4d36f128b25281440e59e39af7ec2080d02e024f35ac413d769d91f39

SHA512
f9dc35220697153bb06e3a06caf645079881cb75aed008dbe5381ecaf3442d5be03500b36bbca8b3d114845fac3d667ddf4063c16bc35d29bbea862930939993

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy43B2.tmp\NScurl.dll

Filesize
231KB

MD5
69353f2b692eab9c8274eea797237fd8

SHA1
a86d32aa70331fa0945c04e0870ae42e40c091b9

SHA256
ac4b4c8548a6bcd7750c7505dde0b57114edd25ea2b002a17f241696109835aa

SHA512
223c47ac01c206a5e446b05331766fb71ffef5b88ba0877aec291abd50c3f485aeb4d214c7f4f8461d35d97e36f246e1ed700e9dbd550f8a97de83eb645dd0bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy43B2.tmp\System.dll

Filesize
11KB

MD5
55a26d7800446f1373056064c64c3ce8

SHA1
80256857e9a0a9c8897923b717f3435295a76002

SHA256
904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8

SHA512
04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy43B2.tmp\UserInfo.dll

Filesize
4KB

MD5
c051c86f6fa84ac87efb0cf3961950a1

SHA1
f18f4bb803099b80a3a013ecb03fea11cff0ac01

SHA256
d0949b4c0640ee6a80db5a7f6d93fc631ed194de197d79bf080ec1752c6f1166

SHA512
6e9de5d07aaed2ac297faa5049d567884d817ed94dece055d96913ac8e497ade6f0ff5c28bae7cc7d3ac41f8795efb9939e6d12061a3c446d5d2a3e2287d49d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy43B2.tmp\nsDialogs.dll

Filesize
9KB

MD5
ee449b0adce56fbfa433b0239f3f81be

SHA1
ec1e4f9815ea592a3f19b1fe473329b8ddfa201c

SHA256
c1cc3aa4326e83a73a778dee0cf9afcc03a6bafb0a32cea791a27eb9c2288985

SHA512
22fb25bc7628946213e6e970a865d3fbd50d12ce559c37d6848a82c28fa6be09fedffc3b87d5aea8dcfe8dfc4e0f129d9f02e32dae764b8e6a08332b42386686

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy43B2.tmp\nsResize.dll

Filesize
4KB

MD5
aa849e7407cf349021812f62c001e097

SHA1
4cbb55b1d1dd95dcb7a36b5a44121ad4934539af

SHA256
29b0e5792679756a79d501e3a9b317971b08e876fac1c2476180d0ae83b77ba5

SHA512
4556baa49e8182d72e29e8d809635312142eb127039f5803ca0bf011b4359f0b584a670a3bd26a9969165a332cfa14a39abeaeae0b4d90519f91fdea755c54de

Download Submit
memory/3936-40-0x00000000740E0000-0x00000000740E9000-memory.dmp

Filesize
36KB

Download
memory/3936-43-0x00000000748C0000-0x0000000074C5A000-memory.dmp

Filesize
3.6MB

Download
memory/3936-45-0x00000000740E0000-0x00000000740E9000-memory.dmp

Filesize
36KB

Download