f6c68476f9a0016977c5245e6a88c490a177aee26b8f1d20b14635b462f4b604

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 04:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HA_AccessEnum1.32_LRH/HA_AccessEnum1.32_LRH.exe
Size

953KB
MD5

d14a3d62146733502991c2bc90580f09
SHA1

e5cd9768a0c98ebcc1b7a76810c5a24ed9886f80
SHA256

3e06d17620c20c94d859f69db52df30b5470fbb6fdf86e2c4ad84dce16ae69eb
SHA512

efd40e8e7fff38f9b6cdb41098a8eb7ab1df1b2e3af826a006160783dd3166229fe9bf1a8b4e2cc1fbed575aeb52ef3deb2e3ada543d4d455c7d8138f940f00a
SSDEEP

24576:xk+rNGyRifXl4ZgWqUhnlJ9rpSFXANAvS1m6KJ:5rNG1l4zqqv9rkwNJGJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2208	HA_AccessEnum1.32_LRH.exe
2208	HA_AccessEnum1.32_LRH.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2208	HA_AccessEnum1.32_LRH.exe

C:\Users\Admin\AppData\Local\Temp\HA_AccessEnum1.32_LRH\HA_AccessEnum1.32_LRH.exe
"C:\Users\Admin\AppData\Local\Temp\HA_AccessEnum1.32_LRH\HA_AccessEnum1.32_LRH.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy1C2A.tmp\ioSpecial.ini

Filesize
673B

MD5
723465b026edda127ab74d00eabde3d4

SHA1
9a1287929d3b291357ef5fb4e2881d6006c90e59

SHA256
2d053f7da3e859f129d1204df7a42bbeee5385f454d9e52c390a3c5f4fbd4e9c

SHA512
b9f30333a45ec0b913398cf2332009c7ce9519987035d8c5de3a0473fbb5c2f5465547ad83ca7a26e6fc4c2119a1964a5369b1b1b13284125364f00f701cd241

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1C2A.tmp\ioSpecial.ini

Filesize
699B

MD5
3383eaa67b63355113a3a5ba3f265434

SHA1
3d873606147eea3658f70ccd0c627c58af01b0b4

SHA256
f36b8602a7185f01f1a029b4c0294e425ae089496f0d5b47c869a198e28d668c

SHA512
b712a5a013feb59ce2d6a4909e8d0ac0e7ae2be4c9817256d99c126030bfd420a7bfd33143f2b4d7aad6511dd2e6a4d0b9fcc27178d5b9c3754ce317a8c683a1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1C2A.tmp\InstallOptions.dll

Filesize
12KB

MD5
83304a78d2b6ea45ea8404f4cd78721f

SHA1
d5c5d19653c751c08579dd094bcc9fef1841af00

SHA256
92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

SHA512
94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1C2A.tmp\brandingurl.dll

Filesize
3KB

MD5
9c3488b5e9655d1837c3963ecec33f70

SHA1
f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

SHA256
05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

SHA512
6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

Download Submit
memory/2208-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2208-84-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download