4bbb6021ab01478496202bc0cfb7527b068a621093a823c8d02e696da8b6decb

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

9.4MB
MD5

0d5f882ff265554df34ebde89e0a897d
SHA1

8090c510c3838939d4a9015f06527ab8dc46c9b8
SHA256

75df21afcc97aa8efcbc43739d487d045e245aef351847faea4828da030d4feb
SHA512

8995ec060cb5fd62b4419bab73ad0d566e583c78020b87b9abf61bbfb902ecc0232ce7073f37fabd26dde9f83a049a388048377ee72172a98a53f335e1ab31af
SSDEEP

196608:xLWzSggC9iULjRagqE5RJZhvcajHt1WLA62DW9NNGfJxA639zOx:NWmMNL1rq6RJZF/jH2A6PNNc3Mx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe
2248	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2248	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2248	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst88D0.tmp\ioSpecial.ini

Filesize
640B

MD5
269a5d7df1c0c2b20960215fa1b57cd2

SHA1
7ab6547ef8af420886e2692515ef53233c8367ed

SHA256
36575adb40c9f46b1b9e3c8362f004d9534c0522a8f2087c26b502094d9f3a2c

SHA512
6b3678561c1e0d092acdb68fe4c64d4935a08ce7c6b04a749f8615adb5f73ed57a017f363a29cb24a82c2c2556f01c080991744acf325fd326e3220540bf72f9

Download Submit
\Users\Admin\AppData\Local\Temp\nst88D0.tmp\AdvSplash.dll

Filesize
6KB

MD5
416dd1f9853a601f16c70ee016ee855f

SHA1
226a5aa251118f5e337d22017dd0861f2d8b21d3

SHA256
2cf08655bd37f2999612ced3b79d35b537e2b0cd281bb1f452c427879634e7de

SHA512
27e104a657eaed4cc8f58588385af6354d41785df98c8fc02eb436cb4372e3c0047ec28eab5ab37ef70ddca46fc9cf1cc86fc0d95267fff759ae7e610b5f8d6d

Download Submit
\Users\Admin\AppData\Local\Temp\nst88D0.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
\Users\Admin\AppData\Local\Temp\nst88D0.tmp\InstallOptions.dll

Filesize
12KB

MD5
43ba71f370a45aebcde86d76b83b208c

SHA1
1f14e3c253a5b7255b617084b45e51ef9d6717e4

SHA256
6d0a19614efb523f78477429df04b71459ee69b3d16231798dcfa539b3d2a64c

SHA512
36aaf1ccb7c1085ba9fbacbad6c1505c9e389be5e9bd52ee7046b48302b8239d6e34dfeeb32a2708c4fb7d5a85c1d202fbdabcdd6a2cced0099249640443b551

Download Submit
\Users\Admin\AppData\Local\Temp\nst88D0.tmp\System.dll

Filesize
10KB

MD5
0c8ea8e6637bbf8408104e672d78ba45

SHA1
c231c7acaf9abb7da93f28e1b71bed164d57103e

SHA256
509a93177a7ae130bc3b6b5ec3236c7aa0811b8b86f8ab3442c65fdf8ff85b1f

SHA512
ee763a3cdbbba3b28e6a903ac942c7228bd8e54b19de21d6187e481f2916d833d9b9800e5ac2998f4aa26274cdfb20a8bfdd10f00f2a15d37bcc529b617e1f28

Download Submit