6c8a9c3a19aa670fad65c5aae197d28ab8e6e99cc1904e8223b6c26ce8171603

Analysis

max time kernel
152s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HA-ApexiPod_v418-FzH/Setup.exe
Size

10.4MB
MD5

d6c6f812b99302a7134112ee40a5bdc5
SHA1

4cf42caa4aa29dc8be19c67cf713bac4d8541266
SHA256

e6a9d02e4778d0c8be1218201ad495bcc1017eeaed61fe3be4bb74ab3e68f35a
SHA512

4976f8339f1766b5ff4b15354785336723461a137c3b0adbf2c29928559160d53053fa3910fa52323e934124253f6a9be42b728cd7398dd55b8025ff912c025b
SSDEEP

196608:kzkb1W4Q5s5z4hkebz27M4z/w/ifSDou8tjlsooYMIHXzKKBriPkkWHqaYtkMJFw:kz+iCzGpbcCiNtJX5hXzTrckkqdYtkgw

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2200	Setup.exe
2200	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2200	Setup.exe

C:\Users\Admin\AppData\Local\Temp\HA-ApexiPod_v418-FzH\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\HA-ApexiPod_v418-FzH\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsj8B51.tmp\ioSpecial.ini

Filesize
656B

MD5
573a1927f0f14a3ece0d8c4b2a0eab39

SHA1
3af1a6b8e40b97bc61fee5fa2ecfec9804d45bd5

SHA256
f0f1afdc27233098ca2fd2f74cbc85ee2b05755cb5bfd5b9ddf5e9c75699b76f

SHA512
8025045b308fe004decddf73f1db6866160d32f3fcaface521102ef27a7e234c80ab9434e5ed1df4395149e564562a5cdf47f8ebd243c1535c2faa86d32ce3e6

Download Submit
\Users\Admin\AppData\Local\Temp\nsj8B51.tmp\InstallOptions.dll

Filesize
14KB

MD5
113323e18d1ffbea2569ede8068615f5

SHA1
057d67d3bf635b24ae12380353a0507469f1c8d7

SHA256
dad65aa69fccb608e7bdd620a6b8bf3eb9cfd720a1ff24d6a23837e25eae1ab5

SHA512
b55cb9f5b9f45559cbaed1657ce0469d606043d49a1b65f2095867437a8b7fc067207ad775df54d7eb3d607c4b30b29cafb6e23c7863ade5e4a362aa30116ee0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj8B51.tmp\brandingurl.dll

Filesize
3KB

MD5
9c3488b5e9655d1837c3963ecec33f70

SHA1
f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

SHA256
05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

SHA512
6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

Download Submit
memory/2200-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2200-1-0x0000000000830000-0x000000000086B000-memory.dmp

Filesize
236KB

Download
memory/2200-2-0x0000000000830000-0x000000000086B000-memory.dmp

Filesize
236KB

Download
memory/2200-90-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2200-92-0x0000000000830000-0x000000000086B000-memory.dmp

Filesize
236KB

Download