96820541e563ae6bd9e97a0ec95bcbc5e2044dc89574d3c8d0b7b40edc276222

Analysis

max time kernel
155s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d494371bfa020427ec0aef15427a95fa.exe
Size

2.0MB
MD5

d494371bfa020427ec0aef15427a95fa
SHA1

b895c3c8b21f33e35d231b7b29f964ad95990600
SHA256

96820541e563ae6bd9e97a0ec95bcbc5e2044dc89574d3c8d0b7b40edc276222
SHA512

9007ec557067f5b7e67bae8acdcc12bc0307f40327df8a2c05743a4592ec94c6531a4331e2798d595eb6874195ed8e4d00c8fe9992658d1d993d8315fbb0f92b
SSDEEP

49152:LJYw9TFXwDUCH4Bt8uTRJiO9r8HxFAzzCQe7:T95wYCAJiO9at7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1864	d494371bfa020427ec0aef15427a95fa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\d494371bfa020427ec0aef15427a95fa.exe
"C:\Users\Admin\AppData\Local\Temp\d494371bfa020427ec0aef15427a95fa.exe"
1⤵
- Loads dropped DLL
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsv1F4C.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1F4C.tmp\ioSpecial.ini

Filesize
400B

MD5
5d4313570c3e00a81ffc95caff146fa9

SHA1
5d29b14fa96c8eb70c8e1778fc590f552640c83a

SHA256
6434fb8e763b4d9a9131c837a961d583dd7494943def847ece30ec4505aff825

SHA512
6ad53b0c1761b5a7171abc2afe378cecdf027ebed33198cc42c581cffae1d10614acad31f30df380bd4030296a594745f24b1be489534de3e5c3a869d8f8172f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1F4C.tmp\ioSpecial.ini

Filesize
711B

MD5
a6b961e0af65578b7dc77dc1e072cfd3

SHA1
09c121c9a8b3be6b0f238901a1c06d802758c4ea

SHA256
da6a6f0d00cd3cf6eb7e5dd542fe2aeb7fdfcbfcc5c0550744bf8ea722b4a099

SHA512
1f52d4451397eb58451a8a9ff0b6432244e7077be80a068fcfd8c2c0ee85208074b307da3ed8cb7f04a904b21c9291d3a6e8367e02e5ecbadc7fbc6c45d8d1bb

Download Submit