2f4390ae0aab81763150242ea83a08085f219f626305844827889e4a52b1fb29

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f4390ae0aab81763150242ea83a08085f219f626305844827889e4a52b1fb29.exe
Size

13.5MB
MD5

6d39824fe08b08654fe4a07852cecb0e
SHA1

d550d74ee3105a1714f06add1d1d6f9e33cf8957
SHA256

2f4390ae0aab81763150242ea83a08085f219f626305844827889e4a52b1fb29
SHA512

07e87f162bf46431840422442fb475be2ab8313f06fcd4846832cd8c7f34da704a7236ba58cc905a89fee4cbfb79ee221a627144980c699296299e4263963102
SSDEEP

393216:P1hg31hoaNeJVQEniE+VnhOnkaj2C2ajuXm8V:qsniE+ykajHYV

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
620	2f4390ae0aab81763150242ea83a08085f219f626305844827889e4a52b1fb29.exe
620	2f4390ae0aab81763150242ea83a08085f219f626305844827889e4a52b1fb29.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2f4390ae0aab81763150242ea83a08085f219f626305844827889e4a52b1fb29.exe
"C:\Users\Admin\AppData\Local\Temp\2f4390ae0aab81763150242ea83a08085f219f626305844827889e4a52b1fb29.exe"
1⤵
- Loads dropped DLL
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy5C1B.tmp\InstallOptions.dll

Filesize
15KB

MD5
77e644d8679615a380a14d09678c182c

SHA1
89090165a13d7f3bb8cc590cb5486d3bc6d8882a

SHA256
da6807e5aacc9dec4c72c417b6fbbc66087c136d14b60c6c472e511625045eb2

SHA512
c9d8d6da5c854572f7271e4c617bfa106507cfa382b3ed0e051a8f8099127ea9d3ff2d35ca30b6fcb6b2e2130a26c6a8786129d363e59bf6d58987dbb28b444b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5C1B.tmp\ioSpecial.ini

Filesize
1004B

MD5
22b774dd75fd7973ea4391fe3ead8da2

SHA1
3b71829fedd2824386ce7d069a6a5bf889df6135

SHA256
01cf15c42b91b2cf69fb704c17707ad003aa9570fe2986d694786da627159566

SHA512
0a039e8b247ecc71cacb24c848e9b748c2d48a2ddb7650f35f402aa812c7066ff5fbda993b7c50406ccbb521de8b29c2006d7fe8f1a9f7a07b6acae895a97fee

Download Submit