898afd6a9a30b774d8f6183de0c8ea19b54b69bc362af208e0960c5fe9fb52ad

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IconixSetup.exe
Size

3.6MB
MD5

b38c9c094c8cf0224bb574d6323f07d2
SHA1

4995f63cdb1212a1fe66c36b63f31e20db94a598
SHA256

d88c36689ad1f53e9afec52230f41331c6bf9bb04f63f4a97ca2d26888abf564
SHA512

b0464b3b0778a272de622b8117964cf9308e58d236d563c9ffed810d410d63602642bb690b499ed55fca5304c6781dabe85469f3ae2bcf1df54f7758abf2c070
SSDEEP

98304:eXzxXLsSSfRaKvm15TnZzh7/MtKfUU4kLyU6PMA9pq:azhhK+15thjOIUUkMA9s

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1404	IconixSetup.exe
1404	IconixSetup.exe
1404	IconixSetup.exe
1404	IconixSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\IconixSetup.exe
"C:\Users\Admin\AppData\Local\Temp\IconixSetup.exe"
1⤵
- Loads dropped DLL
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst50D1.tmp\AutoUpdateAgreement.ini

Filesize
1KB

MD5
2f7f79f1d0e087613939ec9cf2615682

SHA1
55de8b4e99dde4fc460b3a743bc4befe3f156e2e

SHA256
cb18491d26d4c3c58533bda83b225cd281c7a0d6fb9cd0373b3d997616b330f9

SHA512
68ef07f35b96e8b0ec11f96de0ad5f8318d3015aae76be21ec1f887f2ab6468e659cd31f2b5d939dfb89df70eb219f4514956f721c479ec6f6d70dea6784f22f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D1.tmp\InstallOptions.dll

Filesize
14KB

MD5
9b2ad0546fd834c01a3bdcbfbc95da7d

SHA1
4f92f5a6b269d969ba3340f1c1978d337992a62c

SHA256
7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

SHA512
5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D1.tmp\System.dll

Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D1.tmp\UserInfo.dll

Filesize
4KB

MD5
e24e45e1bc891bb8825e6b0b0ec6d301

SHA1
1380610230807f3c5ec390b426a3eb3acbd1cfcb

SHA256
980db656b2439cb78427163d2e323671d6ef47622b50abdbe6c83e05f4cf2958

SHA512
7bf692129c675ed92515ee94ab6bc05afdc0f072873da142ffac11d6ac4fd94972e1ef5007fd6f5130b50d2fbcf24ea144ceec9bc5780145884515635e98e717

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D1.tmp\ioSpecial.ini

Filesize
668B

MD5
7b2b7d6079325fc0b25a6626c0fd5013

SHA1
88be5a62822c62a3c79318d25d6b3003b5272617

SHA256
e1643eeaa98f3d35f72fa1c3d609d167f50a004c21098a4a6eb70f48ae386a83

SHA512
7c5e602317278fa5c536d547be3f61b850faf50ad0afea57f194777cc3fd80bf02c68d35ab4349ac2f061a51bfa25930dafb127280d9551e5699c7cf2c51487a

Download Submit