bd2d87b035ec050674c8a9b2f6c3a219b2ea113bf62edc87cd4dcad456f69f55

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uninstall.exe
Size

77KB
MD5

9732685fe4906be555cfc51c3cb28c37
SHA1

9a9975d1137dda9d45c89c274d6872bf4114a55a
SHA256

08a77713b521e2d9fd79e02600546225bf29193ebaa8f8d711819938a0deaf89
SHA512

bebebf56ce2e6ca5e254d57e8b52acaaf922a1b2835fd106973cdeda717a08839f2e4695915d3b1f245a36eb26d695c65aac7ffe4119a3555161c214351f4d2d
SSDEEP

1536:ppgpHzb9dZVX9fHMvG0D3XJpYRN6QcIsBb1u3xhf6t8aQ:jgXdZt9P6D3XJpq44ku

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1888	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral12/files/0x00070000000231d4-3.dat	nsis_installer_1
behavioral12/files/0x00070000000231d4-3.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1888	2108	uninstall.exe	85
PID 2108 wrote to memory of 1888	2108	uninstall.exe	85
PID 2108 wrote to memory of 1888	2108	uninstall.exe	85

C:\Users\Admin\AppData\Local\Temp\uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
77KB

MD5
9732685fe4906be555cfc51c3cb28c37

SHA1
9a9975d1137dda9d45c89c274d6872bf4114a55a

SHA256
08a77713b521e2d9fd79e02600546225bf29193ebaa8f8d711819938a0deaf89

SHA512
bebebf56ce2e6ca5e254d57e8b52acaaf922a1b2835fd106973cdeda717a08839f2e4695915d3b1f245a36eb26d695c65aac7ffe4119a3555161c214351f4d2d

Download Submit