Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/02/2024, 18:58

General

  • Target

    8fe893c04c504d9757cc28a75eddeeba.exe

  • Size

    777KB

  • MD5

    8fe893c04c504d9757cc28a75eddeeba

  • SHA1

    f0d86c7018ed0c69b2757a20d53ab40d93cd2a81

  • SHA256

    7ecf992f19dffdd28863aeb32309570b3ae896dd151f4fea1986f79853cf38be

  • SHA512

    7dc6b357b33ec52e06274bb2a5b64ab733ac22e5885c729c20b14998a568444e7f8a6fa06ee48c20d145b4b9ea1f2cbbba3f97795d5094f817eb873ba41c9384

  • SSDEEP

    12288:ljDDPEiTWMDCgbyxm9wNqBn/lpOcCM+D980EUkD8XbzxmG32vSNc7:l/Ds82gbyh8B/lpO8E98KkoXbzp2Ku7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fe893c04c504d9757cc28a75eddeeba.exe
    "C:\Users\Admin\AppData\Local\Temp\8fe893c04c504d9757cc28a75eddeeba.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:4256

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsu5209.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • C:\Users\Admin\AppData\Local\Temp\nsu5209.tmp\nsProcess.dll

          Filesize

          4KB

          MD5

          8f4ac52cb2f7143f29f114add12452ad

          SHA1

          29dc25f5d69bf129d608b83821c8ec8ab8c8edb3

          SHA256

          b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04

          SHA512

          2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c

        • C:\Users\Admin\AppData\Local\Temp\~nsis\c3a019\MINEEP~1.DLL

          Filesize

          581KB

          MD5

          84e4af439cfa4e555eb2e84f36fcb1fe

          SHA1

          11f495bc7b6941ffdd881c7d135ddf674667bd6b

          SHA256

          9f3c348b2967a2582f3276f426343cce69a13fccf58a7413d64fa2deb156fa03

          SHA512

          10549db9c5cd20b2f3b3431e75aff38ed002572b7dced4808636e66c768291d8b9739f0b9d056955accc623b146939a1e1406ec656eb85021dec1e286feede95

        • C:\Users\Admin\AppData\Local\Temp\~nsis\c3a019\mineepnad.dll

          Filesize

          369KB

          MD5

          347c0c851e5230536f5867b0ebc1568e

          SHA1

          7787a7c0404c2ad4b0f6feda83c73b61b310e659

          SHA256

          b7aca04cc4253317817f0cb23c52ae9b19c8c648be8493933cf20ad7aa8dedf8

          SHA512

          3cc07690c69d5982e552164833e7b4687a0650e1e226f5274ed04caf355f400bf972971b827767b2c54aaa1ccce355ca2822591d7a30b39b87f4256e3d249d7d

        • C:\Users\Admin\AppData\Local\Temp\~nsis\c3a019\mineepnad.dll

          Filesize

          370KB

          MD5

          f1b0e3e318416d0684ab5950369f11d5

          SHA1

          2e6bd84b573608c5932702d16f4a4324d8c15006

          SHA256

          f429257098b177b978d6378ee4fa8bb449f39134f92629594a7a5dbc94111124

          SHA512

          a7d979fdf78ca98f97497f1076e3a3795fd00bd706c9a20224984267b463a19137a9b836e8dcdacfb7f7fd3a28cc2b6764f10bc493465d85243a9326dd215b6b

        • memory/4256-16-0x0000000002980000-0x0000000002A15000-memory.dmp

          Filesize

          596KB
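The dropped-file list above is the useful part of this report for a responder: `nsu5209.tmp` is the per-run `$PLUGINSDIR` of an NSIS installer, and `System.dll` and `nsProcess.dll` are stock NSIS plug-ins (the latter is what the "EnumeratesProcesses" signature is reacting to), so the "Loads dropped DLL" hits are partly installer scaffolding. The entries worth a second look are the ones under `~nsis\c3a019\`: `mineepnad.dll` is listed twice at the same path with different sizes and hashes, meaning the file was written and then overwritten with different content during the run, and `MINEEP~1.DLL` is an 8.3 short name (most likely the same file) with yet another hash. The script below is an added example, not part of the sandbox report or any tool it uses: it parses entries in this report's layout into records, flags drops in the NSIS plug-in directory, finds paths that were rewritten during the run, and matches local file hashes against the report's SHA256 IoCs. The embedded sample is four entries copied from the report with the SHA512 lines omitted; the function and regex names are the example's own.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample input: four entries from the report's "Downloads" list
# above, in the report's own layout (SHA512 lines left out for brevity).
SAMPLE_REPORT = r"""
• C:\Users\Admin\AppData\Local\Temp\nsu5209.tmp\System.dll
  Filesize
  11KB
  MD5
  c17103ae9072a06da581dec998343fc1
  SHA1
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
  SHA256
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
• C:\Users\Admin\AppData\Local\Temp\nsu5209.tmp\nsProcess.dll
  Filesize
  4KB
  MD5
  8f4ac52cb2f7143f29f114add12452ad
  SHA1
  29dc25f5d69bf129d608b83821c8ec8ab8c8edb3
  SHA256
  b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04
• C:\Users\Admin\AppData\Local\Temp\~nsis\c3a019\mineepnad.dll
  Filesize
  369KB
  MD5
  347c0c851e5230536f5867b0ebc1568e
  SHA1
  7787a7c0404c2ad4b0f6feda83c73b61b310e659
  SHA256
  b7aca04cc4253317817f0cb23c52ae9b19c8c648be8493933cf20ad7aa8dedf8
• C:\Users\Admin\AppData\Local\Temp\~nsis\c3a019\mineepnad.dll
  Filesize
  370KB
  MD5
  f1b0e3e318416d0684ab5950369f11d5
  SHA1
  2e6bd84b573608c5932702d16f4a4324d8c15006
  SHA256
  f429257098b177b978d6378ee4fa8bb449f39134f92629594a7a5dbc94111124
"""

# Field labels exactly as the report prints them; stored lower-cased.
FIELD_NAMES = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")

# $PLUGINSDIR of an NSIS installer: a fresh ns<random>.tmp directory under
# %TEMP% into which plug-in DLLs are unpacked and then loaded.
NSIS_PLUGINSDIR = re.compile(r"\\Temp\\ns[0-9a-z]+\.tmp\\", re.IGNORECASE)


def parse_dropped_files(text):
    """Parse the report's dropped-file list into one dict per '•' entry."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):            # new entry: the path line
            current = {"path": line[1:].strip()}
            records.append(current)
            pending = None
        elif line in FIELD_NAMES:            # a label; the value is on the next line
            pending = line.lower()
        elif current is not None and pending is not None:
            current[pending] = line
            pending = None
    return records


def is_nsis_plugin_drop(path):
    """True if the path sits in an NSIS $PLUGINSDIR (ns*.tmp under %TEMP%)."""
    return NSIS_PLUGINSDIR.search(path) is not None


def find_rewritten_paths(records):
    """Paths listed more than once with different SHA256s: the file was written
    and later replaced with different content during the run."""
    seen = defaultdict(set)
    for r in records:
        if "sha256" in r:
            seen[r["path"].lower()].add(r["sha256"].lower())
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def index_by_sha256(records):
    return {r["sha256"].lower(): r for r in records if "sha256" in r}


def match_hashes(digests, records):
    """Map each SHA256 in `digests` that is a report IoC to its record."""
    known = index_by_sha256(records)
    return {d: known[d] for d in (x.lower() for x in digests) if d in known}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_files(paths, records):
    """Hash local files; return {local path: matching report record}."""
    known = index_by_sha256(records)
    hits = {}
    for p in paths:
        digest = sha256_file(p)
        if digest in known:
            hits[str(p)] = known[digest]
    return hits


if __name__ == "__main__":
    recs = parse_dropped_files(SAMPLE_REPORT)
    for r in recs:
        tag = "NSIS plug-in dir" if is_nsis_plugin_drop(r["path"]) else "other drop"
        print(f"{tag:16} {r['filesize']:>6}  {r['path']}")
    for path, digests in find_rewritten_paths(recs).items():
        print("rewritten during run:", path, digests)
```

`scan_files` is the piece to point at a suspect host or an extracted image: it reports only exact SHA256 matches, so a recompiled or polymorphic drop will not match, which is why the directory check and the rewritten-path check are kept alongside the hash match rather than replaced by it.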