74363f391dd3c0950e22d250039c3b5f68277229cbcae9656b02dd4a815754db

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

1.6MB
MD5

8023237a9b7b9d83e2877178cf79b6da
SHA1

5d41dc9269099c26bc0f6dd4cd57f771fc7809de
SHA256

74363f391dd3c0950e22d250039c3b5f68277229cbcae9656b02dd4a815754db
SHA512

bfa063f40f57675492eb3f73977453de5c7e54643a79d6052cab12b1acb5e9524772f7d68f4a774e62b0f6efa89f153583663e81f2fdd9e49659e2e02951b5d2
SSDEEP

49152:dmxEXgISAuEXRIFkzQtsuIIFksoSgZppYrHt45ddWwO:2lIS8u2QtKQoSWorHt4pI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
556	Assistant.exe

Loads dropped DLL 1 IoCs

pid	Process
4584	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 556	4584	Setup.exe	88
PID 4584 wrote to memory of 556	4584	Setup.exe	88
PID 4584 wrote to memory of 556	4584	Setup.exe	88

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Users\Admin\AppData\Local\Temp\Assistant.exe
  "C:\Users\Admin\AppData\Local\Temp\Assistant.exe" "C:\Users\Admin\AppData\Local\Temp\Temp.exe" "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Assistant.exe

Filesize
1.5MB

MD5
3f5c6fb5347be277e66b2780317499dc

SHA1
233a757c34b1cf79fecd91ddf50b7ae17b8a921f

SHA256
71a2d19795960b57866f01eb15f3257978d595f593839c2f210d1be00c9ead7f

SHA512
7bc0be2de7e1ddb11f6f3389d6f552cf4349e0c3006f2399b92e1bd3a94773f2c843a10d7cbb51071c7372137c4562a39cb2412d30cf55bc53083d1b10dd8b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk5FB5.tmp\UserInfo.dll

Filesize
4KB

MD5
d9a3fc12d56726dde60c1ead1df366f7

SHA1
f531768159c14f07ac896437445652b33750a237

SHA256
401f1a02000ff7cf9853d964dcba77e6f0fa8e57256b11ed3c01171d7a97388a

SHA512
6b06e3446df419151dd20cdb1d9c595fe9fb0972e7dfc50dadeea9f868d8ef0cd4cefcb18c7ebfc0d2a3e9171f8aa1f9fe762f54c374667f6060e8ce7e845f51

Download Submit