ece8a18ca4213a95ef9b7d6f9bf18b81572c159cf2c7a836d70e2716cc7253da

Analysis

max time kernel
122s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/npcap-1.71.exe
Size

1.1MB
MD5

40cfea6d5a3ff15caf6dd4ae88a012b2
SHA1

287b229cecf54ea110a8b8422dcda20922bdf65e
SHA256

5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c
SHA512

6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024
SSDEEP

24576:AsYWFL4QHgF62xcgglC74wf9M3pK/Sn0Oaz+yruSOnN:1L4QAF6CFhl1Msqn0Oaa7

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Npcap\install.log	npcap-1.71.exe

Loads dropped DLL 3 IoCs

pid	Process
3888	npcap-1.71.exe
3888	npcap-1.71.exe
3888	npcap-1.71.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\npcap-1.71.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\npcap-1.71.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc40B4.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc40B4.tmp\System.dll

Filesize
19KB

MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1

SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1

SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

Download Submit