Overview

overview

7

Static

static

3

d40c14accd...a4.exe

windows7-x64

7

d40c14accd...a4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 17:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d40c14accd384f43a75e116685edf2a4.exe

  • Size

    56KB

  • MD5

    d40c14accd384f43a75e116685edf2a4

  • SHA1

    13bafb5a3f6120a1d1264e491475a86e52394562

  • SHA256

    a8bdd597f5d934fe0bdb2ac0d076b3fb30665ce96105bf9e17f10824d5693336

  • SHA512

    1214faf2c21121468764965c1ba0f0d73382a42021e16ec04300cbfb423556eb213ec7a6ee2a882e7e3c01bef249883535e21515a21d08d7403c55d4d172c3ae

  • SSDEEP

    768:coOjbhlc7sUoQnAz3ppOo0QJSHijv5js/wJJQcxdVjPECGSsvb4hx5zTpi:1OPhlosUoAarDX1JJ9dVjPvsD4VTpi

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d40c14accd384f43a75e116685edf2a4.exe
    "C:\Users\Admin\AppData\Local\Temp\d40c14accd384f43a75e116685edf2a4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
      2⤵
      • Drops file in Program Files directory
      PID:1888

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\ife.txt
          Filesize

          212KB

          MD5

          9ac0a4105d69d8231e88462a71bf5ed0

          SHA1

          01a97a47c38c0d107256e848684c817cfafa27fa

          SHA256

          c98254433e3a6378bc905bb39fe6b7643d7abfc19a8391965c2263621ca44035

          SHA512

          9e4d81e1030cd34b52dc94670f83a318ffc719f073bad8b35f1e737fdb68b0dc54061ab832b9247d38aa0cb31cf97bb1d1439f1141329caf7402aa2a5ce7aec0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsg4A2A.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          e54eb27fb5048964e8d1ec7a1f72334b

          SHA1

          2b76d7aedafd724de96532b00fbc6c7c370e4609

          SHA256

          ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

          SHA512

          c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsg4A2A.tmp\time.dll
          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

          Download Submit