24d824fb3eacf87429dfc236d3c491dfaa13ed412c4aae09de1aea967f3191e7

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a31944ff5c7531ecddbf45ac0d864ea1.exe
Size

925KB
MD5

a31944ff5c7531ecddbf45ac0d864ea1
SHA1

6bf457bf7f64a3cf7773f45a29ec97b2b39560ed
SHA256

24d824fb3eacf87429dfc236d3c491dfaa13ed412c4aae09de1aea967f3191e7
SHA512

5e099ea7b9d03d5e2ccb75bb7af5d3c4e86b85b5b65b0c050e076d4f3796f72505c15ff2224aaca4bd2295276db3b0c1a80d8ce5f66670828b7b867de1df49ef
SSDEEP

24576:yL0zpn6rCMmbaD1VDd0vqdHsLS23i0iDHvJR7wGGg:bzppbMfdHwrkDHvJV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3200	installstat.exe

Loads dropped DLL 4 IoCs

pid	Process
2024	a31944ff5c7531ecddbf45ac0d864ea1.exe
3200	installstat.exe
2024	a31944ff5c7531ecddbf45ac0d864ea1.exe
2024	a31944ff5c7531ecddbf45ac0d864ea1.exe

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\Documents\backup\desktop.ini	a31944ff5c7531ecddbf45ac0d864ea1.exe
File opened for modification	C:\Users\Admin\Documents\backup\desktop.ini	a31944ff5c7531ecddbf45ac0d864ea1.exe
File created	C:\Users\Admin\Documents\backup\User Pinned\TaskBar\desktop.ini	a31944ff5c7531ecddbf45ac0d864ea1.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	a31944ff5c7531ecddbf45ac0d864ea1.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	a31944ff5c7531ecddbf45ac0d864ea1.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\SIGNUP\msn.1nk	a31944ff5c7531ecddbf45ac0d864ea1.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\SIGNUP\msn.1nk	a31944ff5c7531ecddbf45ac0d864ea1.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\in	a31944ff5c7531ecddbf45ac0d864ea1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.1nk	a31944ff5c7531ecddbf45ac0d864ea1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.1nk\ = "lnkfile"	a31944ff5c7531ecddbf45ac0d864ea1.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2024	a31944ff5c7531ecddbf45ac0d864ea1.exe
2024	a31944ff5c7531ecddbf45ac0d864ea1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3200	2024	a31944ff5c7531ecddbf45ac0d864ea1.exe	93
PID 2024 wrote to memory of 3200	2024	a31944ff5c7531ecddbf45ac0d864ea1.exe	93
PID 2024 wrote to memory of 3200	2024	a31944ff5c7531ecddbf45ac0d864ea1.exe	93

C:\Users\Admin\AppData\Local\Temp\a31944ff5c7531ecddbf45ac0d864ea1.exe
"C:\Users\Admin\AppData\Local\Temp\a31944ff5c7531ecddbf45ac0d864ea1.exe"
1⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa6013.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6013.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6013.tmp\ioSpecial.ini

Filesize
568B

MD5
7576562cc65c8ae0a4ea80d9981b8617

SHA1
ac7c8a4c29aa57bf42d0ae171ef5def9c61a2548

SHA256
9a14e89717936e94f25ec2b130e77032f408e61bd8930cdea02a1335c95c9c86

SHA512
72215e910024438ca5d726215756fd9890f1a8860037be6855b9f30fb03f72397de11199f808f50b02e56f083392141a917d78458dd485c803eb34d6eeaddcf5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.txt

Filesize
2KB

MD5
58b9b2dbba945f94517a98db59c50ee2

SHA1
859929c1ff74d95532a62869d5c9d2ba42d82994

SHA256
3e10f365918e0c90b66d7f7fe52dd6ebd54b5bf659a6b758f4eaf50c1fbfcd56

SHA512
5f795a3a8f37ef097043538cf66558ca275883b6c41866010978421ea2e276b82c7c1045399e95004a22f02c90476be91705cef855839e94bc694b5e9bed3d23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.txt

Filesize
2KB

MD5
9ad2da787291673bdf7f23ddb4584448

SHA1
7a3bf699ad882b079acd22c5ea4449de2f72e31c

SHA256
104cb9e122bdee68201f2b1b66b7a95753f678bd2b44b88066b4127ee619f950

SHA512
627a3fe8ce9374c7621b7df3ae8c2836f76e9db753e24651fb8647b3a9609f7c9fe3c504456e0446a00342fd794b5bcfde3a0d64f351e76c207664c561c041d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.txt

Filesize
352B

MD5
325b790bc93ad8d27655c44365b485c0

SHA1
50b633a4ca28210ca882467cbc0d717d3283ac75

SHA256
78be9c61505cd98110a9b9ead83fac552d5b89fc549988fc9050cdaffb66f281

SHA512
a110a939eaab63be4cf362f4755f46486d41abfb316dedba3eb553d06bbaaa67fd2db31069fc47e937229f7a5c741aafd6dafa3c5a2cdb0cc9a62e0c2400e7b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.txt

Filesize
334B

MD5
dd26c664f5264c672b6c4c260ed79c73

SHA1
b118670620d7214224c7ed2dc14ee67d7a49c044

SHA256
f8af405fb4819223f8f55c0ee3c054d58998af1560cededeaee35ea46a3497bd

SHA512
7d4773e7b7a9bdeff00886b73e082c1fd74f349db88edaf5a2fc1fad312ef770a70ea6f620833302e3e53c82d539c7132001610b9b24c4540b2f829cafbbadb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe

Filesize
44KB

MD5
7c30927884213f4fe91bbe90b591b762

SHA1
65693828963f6b6a5cbea4c9e595e06f85490f6f

SHA256
9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

SHA512
8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll

Filesize
528KB

MD5
d96eb3c463e3d79bde702cabb882d2e3

SHA1
952c4a91492478d6e99dc18557f02873df400a69

SHA256
59fa6395e5752ce5fa4d077b0174c05ffd53607b0dde03e041ff8c2a746c86b0

SHA512
ebe922743a26dac2c8058a77dc7805006917fa2f95b83f257b2b3d734e1d346f7d3ad460fee02d39c2399dbe2ec26b4bd20f8ccf7858f0feeb8a43c6cc5d62df

Download Submit
C:\Users\Admin\Documents\backup\User Pinned\TaskBar\File Explorer.lnk

Filesize
407B

MD5
f727cbb9351106b2dd46f3ef649f3176

SHA1
5732055ec636a4706c6da6857ce1c1ebc1bc86e5

SHA256
cf116b33831de9f80847abdb2a0d92ab3d3f956a8e209ec95d35d986eea8c7b5

SHA512
01dffdcec62254701b9523bca7f572c1f5a5328a18c01fd6590721aded39d86db801bda23bb83b23876b67101991426a5c54087597971206276eeb18dd70f6bc

Download Submit
C:\Users\Admin\Documents\backup\User Pinned\TaskBar\Firefox.lnk

Filesize
1012B

MD5
31d7a70ec02f9232638861bfe0be4531

SHA1
d89f9099dc4ce7926ad6c2d09af9865a4c564d44

SHA256
dce389da9dbb0fef069fbf370fcb68c5a434f3b7fc2e6bf0f7657b3b591d4a55

SHA512
ff7c2e085cd996367e9b242da761b1155759d568a3e577a18301a7fb5337fa3f2e32d4ab41f13263f5b8af35d8aa2a7d0c42ac450df73192d15bc8d77f181ef8

Download Submit
C:\Users\Admin\Documents\backup\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
4f5d3642ddb91e71915443c754f95993

SHA1
2e271aa9976244eab1a26e81b1f4cc0defa61223

SHA256
74b29eec61b0d8df5c070880de034ea14d72e188b97d556ad95558224637e8bd

SHA512
e6efa2e7c276bfcd11fd2f629de04802dc53820cdf5f5937ae085eb255b8c17d9f3f1b5deafca5b9f00b078e21d4ee3c5862cc87eb4e275e0e22396174c34c77

Download Submit
C:\Users\Admin\Documents\backup\User Pinned\TaskBar\desktop.ini

Filesize
83B

MD5
5739ddee167d55bbc4e313d778724a2b

SHA1
c0bff8120f033ed78dcbb8729fc7a42f015e878e

SHA256
384d63847d60b0612904dbde266eea1026c7c44efc8582a3ec18d2f49ca22805

SHA512
85a84e5d900e6b58bb4c0ff77f33ff41c355932f3f2bf4d13b4dfd4e41c7a0671404731a5d4d3cc3fb15acf838516620f1d9c1f896f3e068279b8da00807b29f

Download Submit
C:\Users\Admin\Documents\backup\desktop.ini

Filesize
148B

MD5
623a388da0f5a5c9892d3eabf1bbd52a

SHA1
1e2f6397843c518728affeb462127d70eab34e91

SHA256
7ec3a3fb6a5f1cd628305053dfadc26fee7f378ea95d7fec212c5e42ae376066

SHA512
83608a90ca9cced09547f21c6b420634713a88fc153d3eed6275e3d38c8d2feb739dbfbeba108a6d8414db7e6e8b081e8d716b2ef905f57f2871a82e2964d25f

Download Submit