ae5c9711a2a1d7480ff3a4893f1ae8ac3d2fd39ec869f08685600ef09cf79825

Analysis

max time kernel
24s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LibManager.exe
Size

71.8MB
MD5

d7d2e9ce66ed971ac9bc6d0f8a9413e1
SHA1

b622b28ac1b52aa5546ef097118d8aeaa2eecfd4
SHA256

ae5c9711a2a1d7480ff3a4893f1ae8ac3d2fd39ec869f08685600ef09cf79825
SHA512

4b0acefb9ad96418a8186c118dc3b21526c56bb2d67844f94316278c97cee40cd7c8ee00ba85c5afc923fa5db81b19e0d47461a3ff61e945a0dafd769ba7b322
SSDEEP

1572864:9ejOS3QMOXDuDyEUBypdsF9y7+MRl0+MdNks7unTv1k+lGSfh42Z4cgN:9B5aeEAySK+Mn0+oND7qtGS3gN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1992	LibManager.exe
1992	LibManager.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1992	LibManager.exe

C:\Users\Admin\AppData\Local\Temp\LibManager.exe
"C:\Users\Admin\AppData\Local\Temp\LibManager.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2d0T8ZDB76dUML3qd9yqMPw862Q\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\LICENSES.chromium.html

Filesize
6.1MB

MD5
476d6674756616d123fc39cffb961f1c

SHA1
0936af8d8f3f7af28eec5cc4be8db92bd5b4868c

SHA256
0e442628517a1976ff005cefeda737cfaef562b589805622cfe61b4fec71eb19

SHA512
eeccbcc6d1d5133ae8bab0ecfefcedf0e73999f4ea464d84fbf153e62bb22017061978ea034fbe579b9816ea0c1cf0a251da97b38b1fae72c91bb59f39168e08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\LibManager.exe

Filesize
1.1MB

MD5
73226fede20eb98f5217b8eaf21c390b

SHA1
e65d964e9f96bebad699f49d0efea6650ea78d87

SHA256
aeca2b2ab3d542fd99bbc7901bdb11bdbfb49e6d94097773c1c266a63f20f838

SHA512
41089c565a976bf6716943b405638ca44bea4d0ddb0af2ae99873aafc85712baee8142f24510df289bd7d687ce500b9d604351f5b8f02af13a21be000a67e3ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\d3dcompiler_47.dll

Filesize
2.1MB

MD5
a1cf8c199e10aa4d6a75ce6afcdd1794

SHA1
f6a15b5b2eb47de265fa56e067a62c34e06fb8b7

SHA256
0b2ad7aa28bbe1e910fd23ed70d12060dcf939ac07e0e0f8c0716890d357db80

SHA512
f740a6b9d799024dfd86b7fd9c020a6572bb6587d92cbf9df7357dda12e1cec718d1bc7fcbf3b3e0f3c5befb3820a0a11d07abbad6d13017e44f06bb82370363

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\ffmpeg.dll

Filesize
1.2MB

MD5
5bd4a8ed665f78118a000b8c26d5765d

SHA1
fce3d6b689e7c7ce14f11dfe0eb9ce6eca928b82

SHA256
bb80099779ceb2012d46ee3ffbb2ba2c1c62317b96eaf956792dccbe2ea2377a

SHA512
4885f0503d48c2c438752ebd72d396bfa2235653b77cf9afec933d1d3c963444189565f8c0ce2e041c68d3f11570ae0ce9cdbfab09632b13379620ec96d09516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\icudtl.dat

Filesize
1.6MB

MD5
e8a36c25b515def9a06aaa5f16758613

SHA1
97debda8d662e0ced83e4b95d57cb4b0d2461bcb

SHA256
38300e5c34cff2a874522b616c8b9737faea9020d7fa3eeee69c6ee3b5698a92

SHA512
b1c65c0998362765275928ddec1f39a0815442dc2042d4ee23189b7ce1896385bd316194d4da8289d641359ee3d798c9c64253171e02ea19c66f8c43b898d73a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
7906d51818c053d8c99a8491936bc7c4

SHA1
2e7790d61a8aa639c6a02be0724715302171d14c

SHA256
66e424b122d13d4be5728215200d3b219fc4cecaa0e6128518d7f8e5600dd58b

SHA512
23de1a5718949b9c624e8a208aeb92596380ebdc2675c3286163e464f8f334baaf3bc5bec529a7022241884ed6b9c9061036106c972acd621f05385703b628a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\libGLESv2.dll

Filesize
7.4MB

MD5
88d60bc6f44a787eecd81a4ac48b5303

SHA1
24780d51c16b79666eef7a236808e3c057d6d451

SHA256
adf1691ed16e29580174ace664410465703a4949fbb729b7037b869fece7134b

SHA512
156b013c25af9a6051528a4e69f0763c38c2122f3e1c97dbf84a8e464693abcd1d87f0e7f3da513a72218b1c75ac4528bfeaf707b6ae9c2299ff4a4a1f045e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\resources.pak

Filesize
192KB

MD5
f83edc4d2da53fe0dc7633fce20605c2

SHA1
6de93597baff4496354e5f000f80a06b3b1ba77a

SHA256
6d5d311a51ed31891724d6445cebfc33e220a9b8d00407cf5e672f19cdb27ceb

SHA512
97b2485369a50dfd48e90fece033990be77553e8deb4b311f14f838a7ae6e0e7ee7fb7b27f358dd050532968fe85e66f24b802a3e42703278126081511e4f97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\snapshot_blob.bin

Filesize
192KB

MD5
e6e10aa708b1f00c7dad36d18e76fb37

SHA1
ae72bc3039e5be219076f2a9f3a046d141606a96

SHA256
4a3329502bdd6d1544d4277d876ff8aaede977dc97aed01bea101ea1909ef91e

SHA512
e57c119f05744d6c588d7c1d0330524eacda91f7746bd0b66e87e556fed60d75d8e8dc2495795ede47822c72249804ad22d8691531731c4bc8a974edb13fa7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\v8_context_snapshot.bin

Filesize
192KB

MD5
b5a165fd5dab07e674e3e1979dd5cd6e

SHA1
280e0afb9699e5b6ea2fb32dcec91a41a9ccfb87

SHA256
80b4df91aa65a956da35ba8fe7f606a966b00ac22cc55ef0c60e1d9756611653

SHA512
f1c756e2bd70df80f72567068c844e61143774055582401b668c55ba69efdf592a9b4f88bdb2f73442e09cda80567529d1ff1d372a3f2693440f0e8add0eb3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\vk_swiftshader.dll

Filesize
192KB

MD5
406e6f28486489b1e2794395fbbf6b0c

SHA1
61bb800c75749b7a4de4dd80c8d70b182b30b1ab

SHA256
028c35986036721d4ef0cf718650800178865c92bc0f32ff69b06254bcef90b4

SHA512
9d1273944d988e187dd340560866540520b362da1caa6adf3479c0e0b1df7d2d8f39b47ce55534b2995cf96c6783bd1c6afb30a268402e3b7599b081231e4ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7A51.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit