cdbf38c8db64a678478ce5d6465285f6348bba7c5bffb8d0aacbb43b6c7f5b8a

Analysis

max time kernel
144s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b1bce489439538b1ca517b232e08596.exe
Size

84KB
MD5

8b1bce489439538b1ca517b232e08596
SHA1

c7dee42bc838f5030548ffb1ca614ab5cb046465
SHA256

cdbf38c8db64a678478ce5d6465285f6348bba7c5bffb8d0aacbb43b6c7f5b8a
SHA512

5258d98eaa424436e7eead8c9f55356646a776a13c99757664b50205f1a3afd62760d36235acaf2da1dc00c48e5fa4ade1f28865514af61830fb3bdda6971ac9
SSDEEP

1536:pLXB65939tY6HBg4sXJDxG213AuvWVvG5w4CPnNhI:pLk395hYXJwagG5wNW

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 26 IoCs

pid	Process
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe
2964	8b1bce489439538b1ca517b232e08596.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ElSendero\autoUpdater.log	8b1bce489439538b1ca517b232e08596.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\8b1bce489439538b1ca517b232e08596.exe
"C:\Users\Admin\AppData\Local\Temp\8b1bce489439538b1ca517b232e08596.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nst19E8.tmp\inetc.dll

Filesize
24KB

MD5
1efbbf5a54eb145a1a422046fd8dfb2c

SHA1
ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

SHA256
983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

SHA512
7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

Download Submit
\Users\Admin\AppData\Local\Temp\nst19E8.tmp\nsislog.dll

Filesize
4KB

MD5
7f1c9557c5b383ee1632923fa1d12eff

SHA1
9a079b0003fd56d9838ec9c24485627d0711f199

SHA256
20bce1fa5048af7ddc6648943dd1cebbee3962eb385e6043103c1adfec3d95e4

SHA512
8a2a5c7a542971b7b5c0af35a7b025093e30e6f8b533314c00f741efdfa47e3d8412ce10aaf8dc7df19bdb2c74a59ff53a5c38c04df18ce0d21fac38a654e3e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst19E8.tmp\nsislog.dll

Filesize
42KB

MD5
e47100b70748fc790ffe6299cdf7ef2d

SHA1
ad2a9cd5f7c39121926b7c131816e7ba85aeead2

SHA256
271d539fe130276189e0a32b8a0bc9f08f2d92f7e17f85d88726735f14ea6144

SHA512
88452a9aeff453e7979df9240ab396cbc0c5d00efecda97df1e46f2ba1e9b5bfd990921e85d503beb4b35a1de7681390ba124eeeaf896f250717892ced133e93

Download Submit
memory/2964-44-0x0000000000520000-0x0000000000530000-memory.dmp

Filesize
64KB

Download
memory/2964-72-0x0000000000520000-0x0000000000530000-memory.dmp

Filesize
64KB

Download
memory/2964-28-0x00000000004F0000-0x0000000000500000-memory.dmp

Filesize
64KB

Download
memory/2964-11-0x00000000004F0000-0x0000000000500000-memory.dmp

Filesize
64KB

Download
memory/2964-37-0x0000000000520000-0x0000000000530000-memory.dmp

Filesize
64KB

Download
memory/2964-4-0x00000000004F0000-0x0000000000500000-memory.dmp

Filesize
64KB

Download
memory/2964-55-0x0000000000520000-0x0000000000530000-memory.dmp

Filesize
64KB

Download
memory/2964-22-0x00000000004F0000-0x0000000000500000-memory.dmp

Filesize
64KB

Download
memory/2964-82-0x0000000000520000-0x0000000000530000-memory.dmp

Filesize
64KB

Download
memory/2964-99-0x0000000000520000-0x0000000000530000-memory.dmp

Filesize
64KB

Download
memory/2964-103-0x00000000003C0000-0x00000000003D0000-memory.dmp

Filesize
64KB

Download
memory/2964-110-0x00000000003C0000-0x00000000003D0000-memory.dmp

Filesize
64KB

Download
memory/2964-121-0x00000000003C0000-0x00000000003D0000-memory.dmp

Filesize
64KB

Download
memory/2964-127-0x00000000003C0000-0x00000000003D0000-memory.dmp

Filesize
64KB

Download