Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/02/2024, 04:11

General

  • Target

    $TEMPLATES/Setup.exe

  • Size

    1.8MB

  • MD5

    a6f4051f7da492db1ea4096f2effd24c

  • SHA1

    e2c64323fb25429f2c0c39cce159b68b43989b6f

  • SHA256

    4ffc6508abc6b72a8b552f1ea9a9127c5c201b4e1e07b0918c3b46921dfd5563

  • SHA512

    5c108d871b6afc4c1494f9776583e2b02ff6359c0a8bd20ce207d27c95c92610b5f0cf4984d4b1b888a358633547836d344407b161bc156f25fc87771f2ae2ee

  • SSDEEP

    49152:Lan3Qme67H9Bt1PA5dHwCUYontVVz3Ap+jJ7MgDVN8jRJ9:2n3Q4dB/PA5m8ovVzzEjH9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\Setup.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\Setup.exe"
    PID: 4360
    • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsj2ADA.tmp\InstallOptions.dll

    Filesize
    14KB

    MD5
    107737e3282fefd85684f2fa3df6d1c3

    SHA1
    3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f

    SHA256
    21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0

    SHA512
    439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4

  • C:\Users\Admin\AppData\Local\Temp\nsj2ADA.tmp\ioSpecial.ini

    Filesize
    566B

    MD5
    0529edf39cbfb7373736d039d0aea663

    SHA1
    253077b241bdac36076a19ed56b7936c1520207a

    SHA256
    5c5549d2e7495ee06636bc41a7b69cf15909f6cf45e363987c32c1703a28870f

    SHA512
    df757eb46d154e5959938dfee118d28cbb68d1ea2836d6df0ad9100d0333132681e7ddf50a603847549aa9989c19fe81061580993868314b119fc8213bd54c3c