630a76310508c5aa4cde07bd19374129306618751e71301673af4b77e8daec77

Analysis

max time kernel
141s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd233208f1839c8f352f97de36b36bb3.exe
Size

6.5MB
MD5

bd233208f1839c8f352f97de36b36bb3
SHA1

2d4080d0fa4176dda7d9ca7d985e2956aaf65a93
SHA256

630a76310508c5aa4cde07bd19374129306618751e71301673af4b77e8daec77
SHA512

e2a614d4f65c5c37cdf871c40bad95fdfd6997dbfb1281ab5340f1eab909cf5a42fd3330a449617d2743219d476650bd2475cc5d31c0ebd2f1b30cea5c31b8b7
SSDEEP

196608:HvOr8+kIIFthsGUNJdNZ/mAvKf6GZhk547:G8utfdNZ/m43Ik5o

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
8	bd233208f1839c8f352f97de36b36bb3.exe
8	bd233208f1839c8f352f97de36b36bb3.exe
8	bd233208f1839c8f352f97de36b36bb3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\bd233208f1839c8f352f97de36b36bb3.exe
"C:\Users\Admin\AppData\Local\Temp\bd233208f1839c8f352f97de36b36bb3.exe"
1⤵
- Loads dropped DLL
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3984 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso7413.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7413.tmp\ioSpecial.ini

Filesize
728B

MD5
db1446e0f41cdfb27f55b5328624ec00

SHA1
d9e9dc234dd8f0bf02f9187c27c269a6d34a39c7

SHA256
44959090ee2267d32c616dccd1f0ce8ace280deda7c8e624cb19b22e518fe2c1

SHA512
a38b8472a0d30fe06982bfecf838ee3799ca86fd9912232b0551b3210dc4b76a55eea17005afac6c6e29696ab9138348db3021602b0a092237efd39258163118

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7413.tmp\registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit