a3c3f7a0014e41ff435db5b87ec92e60ada72a94fc401cb1ef3cf6daf71630e1

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

A.exe
Size

10.7MB
MD5

25d325afb078b572b0fbca2b84aa264c
SHA1

6ef782acf674f3e66b5973e143c2fdda7e076914
SHA256

a3c3f7a0014e41ff435db5b87ec92e60ada72a94fc401cb1ef3cf6daf71630e1
SHA512

f4ff58f70a06c425ad832aa19b3dd51b2b4fc534dba8d2cd68a49d5c22e3ce366f5d8b33cd687c7e5a64fb3ab02e60330d66a0c3bfab09750b2afaa508705b68
SSDEEP

196608:CvyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:CKhL3HyGGlj+E3I6Ev0Pex

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1372	A.exe
1372	A.exe
1372	A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\A.exe
"C:\Users\Admin\AppData\Local\Temp\A.exe"
1⤵
- Loads dropped DLL
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd5B9E.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd5B9E.tmp\UserInfo.dll

Filesize
4KB

MD5
98ff85b635d9114a9f6a0cd7b9b649d0

SHA1
7a51b13aa86a445a2161fa1a567cdaecaa5c97c4

SHA256
933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de

SHA512
562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd5B9E.tmp\ioSpecial.ini

Filesize
1KB

MD5
84ceded3c7328878df1eb3095bcfa309

SHA1
bcb80124debe5110690874d529f295e02d857b88

SHA256
4c6daf4ac42d2b5c1937c00c4ddb918fe28afcb6552990f7ebbfdfe2119c9d97

SHA512
84a10d935dc005033ceb5e18fcf9ebec876fafd52eafabb84624704d6b66ebdd216e7d896f7aa5f8df217c16c9a2960d0ac497ffd283f742608b2e106b669329

Download Submit