211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88

Analysis

max time kernel
99s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a68b2598040d342eef5e8194b7971fe.exe
Size

301KB
MD5

7a68b2598040d342eef5e8194b7971fe
SHA1

7147fad58f345d94cf597425f9a93621d3b8d88d
SHA256

211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88
SHA512

820bc1db147c32ecea615062055c178800296477ec114408ab0b1e768149875af35dd908ed708f2f4535fb784fda825788e08991fd80a45106629c1a54e7217e
SSDEEP

6144:bzfj/IEL1c57oIWkhJrCGTpFIYsgeWnwtCd:7/IELYklkhRCCYYsgG

Score

7^/10

discovery persistence

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe
4408	7a68b2598040d342eef5e8194b7971fe.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Finalize = "C:\\Users\\Admin\\AppData\\Roaming\\InstallW\\Full_Setup.exe /runonce"	7a68b2598040d342eef5e8194b7971fe.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4408	7a68b2598040d342eef5e8194b7971fe.exe

C:\Users\Admin\AppData\Local\Temp\7a68b2598040d342eef5e8194b7971fe.exe
"C:\Users\Admin\AppData\Local\Temp\7a68b2598040d342eef5e8194b7971fe.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsn418F.tmp\IpConfig.dll

Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn418F.tmp\WmiInspector.dll

Filesize
104KB

MD5
8531346d16fa5d4768f6530d2eb2b65c

SHA1
153601d36aa0ddfbc597b1e890917364878791ca

SHA256
a9347413de4b0f90cac0b5e300cec9c867bdb28bd7a60d07b10fd31ee56c60cb

SHA512
f214e75de20edeb7eece02659fd7dafc8c3d63c2350c58825bc6e9ce0b73237962d8273b4bc803a2f304cee9f9cad1cd4edab28322c1e678bc25eb88faa6a841

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn418F.tmp\inetc.dll

Filesize
20KB

MD5
f02155fa3e59a8fc48a74a236b2bb42e

SHA1
6d76ee8f86fb29f3352c9546250d940f1a476fb8

SHA256
096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

SHA512
8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn418F.tmp\t1.dll

Filesize
4KB

MD5
058ba8a0916d957d3b91d08ea2e876e2

SHA1
1a7c36c50c5bd93f535b624a2882bc3905e7e7f3

SHA256
510af8083c0eef8b04e1171a9d6d94c64a1859701bbb106c565d2ec869437661

SHA512
24124b45bf42e186a06fcb71ca7e2c1fed3b762b681286185d7cdff53b3800c35b6326a6f21c82e9de59d8bbcb3fdab4a5c1cc9c8683e43ff230b07913d26f02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4E64.tmp

Filesize
43B

MD5
07fff40b5dd495aca2ac4e1c3fbc60aa

SHA1
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4

SHA256
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

SHA512
49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a

Download Submit
memory/4408-74-0x0000000003730000-0x000000000374C000-memory.dmp

Filesize
112KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads