Overview

overview

7

Static

static

3

96e08bab83...6f.exe

windows7-x64

7

96e08bab83...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96e08bab834e1f47525adebcce9c6e6f.exe

  • Size

    55KB

  • MD5

    96e08bab834e1f47525adebcce9c6e6f

  • SHA1

    0f723d9d7839e24f1c6b00181d8bf1385964e4fc

  • SHA256

    94f1fa638d1498e05fe5950b89abf7a5a956aafbb1e2b5b226a3c1595b112698

  • SHA512

    a595b876d76d4fb56a0a361e2246b05732b295a676b4f10f72f1882f5f246e77612a6cb658338976932ab266380d56a2e295141062a98f078abe0020cf199319

  • SSDEEP

    1536:u3cpyORJLuB4P4AJJlavOtmLbNL8NDyDu:u3c1fP4AJJlDmLp4Zy6

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96e08bab834e1f47525adebcce9c6e6f.exe
    "C:\Users\Admin\AppData\Local\Temp\96e08bab834e1f47525adebcce9c6e6f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
      2⤵
      • Drops file in Program Files directory
      PID:3208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ife.txt
    Filesize

    19.6MB

    MD5

    7e84e81e2df4a5b4c99805f447bea284

    SHA1

    752baff3bafa0c04e23ce8f19f5426a80709df24

    SHA256

    025f9e850d8bde59ea3f623af2460020088d8905f753fe5ca3caf6355f781445

    SHA512

    43a0b799bb5a81d78903c5610cc3bd7ad1debb08ad9468fe8101e1e39b4dffe87f3cd8434fad88a263dd03cb672d13891e43945494ef357fe0e37115c5d5dad3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm4BD0.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    e54eb27fb5048964e8d1ec7a1f72334b

    SHA1

    2b76d7aedafd724de96532b00fbc6c7c370e4609

    SHA256

    ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

    SHA512

    c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm4BD0.tmp\time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit