013f49b1709a70e58968ff552cfdce0fa9903dfd276e5b092a23a05a782f5db3

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 18:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

780c349cb73328e1a1669101c49d70bd.exe
Size

3.8MB
MD5

780c349cb73328e1a1669101c49d70bd
SHA1

6aaaf52420421862a6633694659060598be7784f
SHA256

013f49b1709a70e58968ff552cfdce0fa9903dfd276e5b092a23a05a782f5db3
SHA512

28523a3156c4ab263c733341980db91e1abc2b4330ec99283bc561c2fa221f9414bbb3386983029efb05feef58a50941ea3447b93e0d2f0d2dd766a54bfc2ad6
SSDEEP

98304:fUjVUJp+a3wvs7Rp8MmNi8Lajm/p117kKx5WgGvCwWNVfsPcYf:fccp+eRqRhDF7kkIPvCwWNpsEYf

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1632	780c349cb73328e1a1669101c49d70bd.exe
1632	780c349cb73328e1a1669101c49d70bd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1632	780c349cb73328e1a1669101c49d70bd.exe

C:\Users\Admin\AppData\Local\Temp\780c349cb73328e1a1669101c49d70bd.exe
"C:\Users\Admin\AppData\Local\Temp\780c349cb73328e1a1669101c49d70bd.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso5533.tmp\ioSpecial.ini

Filesize
722B

MD5
86253e712993b1e151dbe8c7aa022995

SHA1
fc4875500d4ae229b09980b8b143d195312bffe9

SHA256
0fbb9d1cf61461f7e6e8170311501093454b7e1fe9850e73a18aabb9c53c3d8a

SHA512
1f1c5b53d9cce5cf2b1eb1c883b2a73bf680df7b989011214eff7e65c0cb8829a3e4288df0f41fc456f1d71d054bcabadfa27e7a588f0a5dfe3dd1084af887ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso5533.tmp\ioSpecial.ini

Filesize
735B

MD5
bd0936db8335d1058676fccafcdda094

SHA1
c2db61aedbc5f644c100654257bf521f3706c2a1

SHA256
f1e5395ea01fb7336046cb5bdd1ae66abaa9e655a6776e39962eea2dfcda012b

SHA512
11725afd98911f0a7ea5d8e0c500d6f89f74a3cb6c18775bb00718045afb375ad154d31022ea0121ace549b0c3ca59704dfc1733d5519c7fa039fe611f1914ad

Download Submit
\Users\Admin\AppData\Local\Temp\nso5533.tmp\InstallOptions.dll

Filesize
12KB

MD5
d61d6c709e7947296603059f8bedeba9

SHA1
bdcfc90c358c82be43ef85727a7bdfebbd6d1b69

SHA256
65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63

SHA512
ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b

Download Submit
\Users\Admin\AppData\Local\Temp\nso5533.tmp\LangDLL.dll

Filesize
5KB

MD5
8be27f3bdec2b49d0a6a674716622304

SHA1
70d17db576ed484a4c0195571118d307fd4dc1b9

SHA256
4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47

SHA512
add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801

Download Submit