2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
Size

15.9MB
MD5

66edbaad1ad5da60c1aa27833848f0c4
SHA1

07ab11b4afcff78a1bc337acb495d8ef8e7c599d
SHA256

2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2
SHA512

04c9a17151cd3e3be48090e87ed623f89df0fce4bb691aa733201611c40cfa63ff73ccdf7103eb2302c5198d69a40556c90cf52961fc027fdab125872cc641b7
SSDEEP

393216:LkXThxSK1vDa4hfGdMdRQ8b2ao8Ac681vU2htZd2pc3tarS0m:AX/S0vHewTcV6vVFwpc3grI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
2600	2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe

C:\Users\Admin\AppData\Local\Temp\2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe
"C:\Users\Admin\AppData\Local\Temp\2f25823a5b2742734439b93836a629ccbb970040669f4b7fce76a400558c70a2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw8927.tmp\ButtonEvent.dll

Filesize
5KB

MD5
b49d6564c3897f96e2750aae764f7b47

SHA1
d4d5a4c7ddb8fb17496206364bfd84d0db69d28f

SHA256
31b5a8dc9026d871db07ecfb542869db1fd8ade38c6424dfe32edfe6c13473ff

SHA512
cdfbd8826ed88af3beeb60b6fb850382b700bd7f908c0947fa14719173efadd227f908aa160263d6cf028db1c26a47ff1673b106281b82b77712e6f919553396

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw8927.tmp\System.dll

Filesize
12KB

MD5
8ebaa07760345c92c19db6662c2dfb7d

SHA1
25f981b561bbf267c35c8a4d761fb90209913bb7

SHA256
82d6235ad68a124bb1ce7bd9575011e089ffa9e0634c88b46c0d9a32834e459f

SHA512
31e9e0927b000a7512091dce7ea6b6ea1f813de89aead95dfa97086733ed9a6d2093a029a0a3323aa47a64a79a1edc762099e66070c7f9939e681eb072a781e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw8927.tmp\nsDialogs.dll

Filesize
9KB

MD5
55e14a574a8a4fc26cb19ba400d69cd0

SHA1
b729aa39c49c53637c0b298b16d2a65e5939a450

SHA256
d8f580613c63daa9a2bea73c508a147bd36e9d77c5ed6f1e5dd12d07fa302484

SHA512
dc8cba045d913975822d6303137011ec5b345538604da99dc1d86751df468c5fb32d1baa000d34d29a089c334c56131a24b51c469670505be2462e6eb6a41e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw8927.tmp\nsProcess.dll

Filesize
5KB

MD5
1893074522a853f68805a1b99a6ed91b

SHA1
cf0ddafeb6f3b5ef496ba03d2d170fbd796aecea

SHA256
cd85f428b4eac6c766b95491cc44959d47d3ba578f37cf402a8d5d5d8e2a00c3

SHA512
7779b3b64d9cc16b576bf3a3513b43620efdd72351e451c7a70c5c0728592300b6adfc24d6efbc4f3107834a14b9de424e1478d9d69b22bbbaea9d53ec3d6f43

Download Submit