2fa51d9e1f5ce2b519169d52b98576fb5a8cf138944156bdfa6a6f62f846cd2d

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

240KB
MD5

8f3b6a3809244cfbc192989472f7cfe2
SHA1

2ca0425bdf0a31a08af5262c685a2554fc2324b5
SHA256

03a3a705037da584dc878ca84d02876107571ecf1c2d735f75361f20f2b55e39
SHA512

a17afd41bd37641d12eb286c9bbcd09198cdbbe39e437eef9e2dc03e8a3fc62a052c96f0cb20c1a1f11aedee1827ab6ab58690a7dbdb53d45da832d61e9063a8
SSDEEP

3072:+fi3k+oWDBDh1duXR6uVti1H4YnsTvxcPowV4qaQVCJo0+n6XtvPB:+fL+oqoR6uyJVTPowGPQoR+OJ5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1452	Un.exe

Loads dropped DLL 2 IoCs

pid	Process
1452	Un.exe
1452	Un.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 1452	4536	Uninstall.exe	88
PID 4536 wrote to memory of 1452	4536	Uninstall.exe	88
PID 4536 wrote to memory of 1452	4536	Uninstall.exe	88

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsn67F2.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn67F2.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe

Filesize
240KB

MD5
8f3b6a3809244cfbc192989472f7cfe2

SHA1
2ca0425bdf0a31a08af5262c685a2554fc2324b5

SHA256
03a3a705037da584dc878ca84d02876107571ecf1c2d735f75361f20f2b55e39

SHA512
a17afd41bd37641d12eb286c9bbcd09198cdbbe39e437eef9e2dc03e8a3fc62a052c96f0cb20c1a1f11aedee1827ab6ab58690a7dbdb53d45da832d61e9063a8

Download Submit