61927018ca83d22b2097190ca70345a37162c52faeb0affac7e7d6a9fe45397c

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 05:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Program.Unwanted.4675.15048.exe
Size

22.4MB
MD5

c0796b8ebdbf22d876c103a4f371dcf5
SHA1

bf783dac7b35d3c409c7ddbf18b1542b712afbd6
SHA256

61927018ca83d22b2097190ca70345a37162c52faeb0affac7e7d6a9fe45397c
SHA512

39fc8577fc383edf81b318e37e33ef4a46d3df0e145908028db9634b1176eeaf47036ce6c45eb9f774117c8a3c15c988adc619d1c93005a4af17b230ab046379
SSDEEP

393216:5XTX4x6oQK8T5nb60HMPqo+MOpNWZUlkBN2UGoLbosnLvnRk6+sS6zAZY7:5jXvE8T5uIMPzOpNW2LUGgoIL/RkE5me

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Eclipse HDR PRO\install.log	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
File created	C:\Program Files\Eclipse HDR PRO\install.log	SecuriteInfo.com.Program.Unwanted.4675.15048.exe

Loads dropped DLL 14 IoCs

pid	Process
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe
2584	SecuriteInfo.com.Program.Unwanted.4675.15048.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4675.15048.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4675.15048.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Eclipse HDR PRO\install.log

Filesize
168B

MD5
e976547192387f2e5ba2e4588a7fadea

SHA1
c3529e20ed1e923182e9193f6218634556f38ea2

SHA256
4e09563300cfbce62347b440c30647c68d085c3e8d9f486bfd100f092bc31714

SHA512
63cf5d68741688c2577a24a2f2f3d7040067fad02ce603a618df988eb7eb93daa1e6b58417047c9cdd94354a55a34ad3a6ee503bf915e1a5698a36e2f66e55f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr56CD.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr56CD.tmp\GetVersion.dll

Filesize
6KB

MD5
5264f7d6d89d1dc04955cfb391798446

SHA1
211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

SHA256
7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

SHA512
80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr56CD.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr56CD.tmp\LogEx.dll

Filesize
44KB

MD5
1c440ec84001c94327082aca9bdbd0d1

SHA1
4f35b29e8e1ca44368d15506c28a0873bed1c9f3

SHA256
f6d21ef2fa853b922c94d66d3abd9277ad71bc1be73a8d8418bc06635925a343

SHA512
32a2c9641d1390295249a52fab38f8bc8379be80395a9b27b4e157d37b66a1c1f9f49f940ccd24725c59f9de9a585690292119e11faea3e93d4054d9db00e93a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr56CD.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr56CD.tmp\UAC.dll

Filesize
17KB

MD5
88ad3fd90fc52ac3ee0441a38400a384

SHA1
08bc9e1f5951b54126b5c3c769e3eaed42f3d10b

SHA256
e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42

SHA512
359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr56CD.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit