ddd97f91c0c0f9f78005ca4a816d28310f8eb0edca64550f511f716ffcaa27f2

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba594694577137cb43e51f0c27676899.exe
Size

909KB
MD5

ba594694577137cb43e51f0c27676899
SHA1

ec65b39980f7a5b32deb241086839bd520280ec3
SHA256

ddd97f91c0c0f9f78005ca4a816d28310f8eb0edca64550f511f716ffcaa27f2
SHA512

a54c5d251658baccecafe84914b66c6c40a35484406f976bdd8421290f1603b522d9e83777caeb58bdce29368ffe470491b74fa7d63220a51c1d11dfedca60cc
SSDEEP

12288:E+FjMBswfp0R311OzMg4HR6GXI04HA50QkTG2FdYEs85gqcW/Ax4w6ER5vo2eiFh:E+lM6u0x3O40dAb2FdYKhcW/WPX5vwW

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1352	ba594694577137cb43e51f0c27676899.exe
1352	ba594694577137cb43e51f0c27676899.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ba594694577137cb43e51f0c27676899.exe
"C:\Users\Admin\AppData\Local\Temp\ba594694577137cb43e51f0c27676899.exe"
1⤵
- Loads dropped DLL
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsn4E41.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn4E41.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn4E41.tmp\NoBundle.ini

Filesize
2KB

MD5
d17ab66281c7876ccfbf4ef30cf37ab6

SHA1
37d2daf2a9a5ecaa01ebbfefa2d28c4cdb85519f

SHA256
213c59b9b6248da4273aa9d4b0212a3fcd05e7e07b0a70adc544f29a20b88c98

SHA512
670c5ce7247c884452e78938db3ca0bc0292163b21da4c33e3080950d7a6f736cb05f8b83084435c69342abfbaea117439f118b93305a1a77496534b403007fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn4E41.tmp\NoBundle.ini

Filesize
2KB

MD5
0370ff7590d484da32763709afd3a4f0

SHA1
29d2d88c3a5275896b3ea928e0a52ac509278c9a

SHA256
3164a657d5045c2f35aeaf9a5e01f3b0630ff0db3b4910da02a46a4208fe523b

SHA512
489630f530b8e57e8a683f8f75e4ed460361b2e9b09a94c612860b42f26a659b4c2bf5c2143bdbb4b641fa44402285a71d77acb06906a4b57b0e218c8d00b9af

Download Submit