23dae0d1939fb88da491a0e5077727e122253a891e282654d9d7be9baf9520a6

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d595a349b3f1048ad1360e088d1839bb.exe
Size

76KB
MD5

d595a349b3f1048ad1360e088d1839bb
SHA1

277391c27d089da796e1ad0da31a4aa352b177fa
SHA256

23dae0d1939fb88da491a0e5077727e122253a891e282654d9d7be9baf9520a6
SHA512

1059938fe732ba8759a3843e36730e69a0897c9a828543c060c47cb984e2b5000daa6d5aba7bd59b842319cd571ab30bda2a138fd6ffed71d03f44c2512367f4
SSDEEP

1536:LLXB65939tY6HBg4sXJp+ekp6jC+/ClJUDS8qcy4rLnVR:LLk395hYXJpS4WKC8Djy4fn7

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2424	iWinGamesSetup.exe
3188	InstGameInfoHelper.exe

Loads dropped DLL 8 IoCs

pid	Process
4288	d595a349b3f1048ad1360e088d1839bb.exe
4288	d595a349b3f1048ad1360e088d1839bb.exe
4288	d595a349b3f1048ad1360e088d1839bb.exe
2424	iWinGamesSetup.exe
2424	iWinGamesSetup.exe
2424	iWinGamesSetup.exe
2424	iWinGamesSetup.exe
2424	iWinGamesSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0009000000023250-15.dat	nsis_installer_1
behavioral2/files/0x0009000000023250-15.dat	nsis_installer_2
behavioral2/files/0x0009000000023250-16.dat	nsis_installer_1
behavioral2/files/0x0009000000023250-16.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 2424	4288	d595a349b3f1048ad1360e088d1839bb.exe	101
PID 4288 wrote to memory of 2424	4288	d595a349b3f1048ad1360e088d1839bb.exe	101
PID 4288 wrote to memory of 2424	4288	d595a349b3f1048ad1360e088d1839bb.exe	101
PID 2424 wrote to memory of 3188	2424	iWinGamesSetup.exe	106
PID 2424 wrote to memory of 3188	2424	iWinGamesSetup.exe	106
PID 2424 wrote to memory of 3188	2424	iWinGamesSetup.exe	106

C:\Users\Admin\AppData\Local\Temp\d595a349b3f1048ad1360e088d1839bb.exe
"C:\Users\Admin\AppData\Local\Temp\d595a349b3f1048ad1360e088d1839bb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Users\Admin\AppData\Local\Temp\nsbFCC0.tmp\iWinGamesSetup.exe
  C:\Users\Admin\AppData\Local\Temp\nsbFCC0.tmp\iWinGamesSetup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\nsb5540.tmp\InstGameInfoHelper.exe
    "C:\Users\Admin\AppData\Local\Temp\nsb5540.tmp\InstGameInfoHelper.exe"
    3⤵
    - Executes dropped EXE
    PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsb5540.tmp\BgImage.dll

Filesize
7KB

MD5
0e6d71e08eb5f3fe111c2fc10cf3f669

SHA1
e50d07fa89a8a36e39196ef91ee10e6ce7e96289

SHA256
df4ae53731440c2a7fbabac6ded7684fadc03c050c3190a6ec38b1eaf88b76b9

SHA512
20325b41ea54f8aeae09a127e15400d462e99a86365d8b82d4b2d2cc13db6d7ecbb9e5db23091d8b68a92b3bb8cf87fabf9decd3f77089e32af2cdbfd705b77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb5540.tmp\InstGameInfoHelper.exe

Filesize
99KB

MD5
3d3d2bf9c42dbdf97247775c00f22190

SHA1
7a046170aaeb5e1a29d8c8cd7c32225f49237aa1

SHA256
59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a

SHA512
6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb5540.tmp\gametitle.txt

Filesize
56B

MD5
5f32aa043cdcd0741f5443cd06309f16

SHA1
837ae4e64a914730a00c881a964a361b16652e7f

SHA256
31e80e35abb4855ad204127efb8ef01359d10b43dffe0607dd1cdf3b7b891287

SHA512
aa8cdf9ab7f466cb0d79cbca39d7c2bd281ec2790ef9572cecd28a2d818a9803fc88bac3588894fe51452a90c2134311afa5346f835b03c7c4bc897657b63125

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb5540.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb5540.tmp\tn_feat.bmp

Filesize
4KB

MD5
3da118efa5f488980ee1f8fea39e70fe

SHA1
2efaecf4ec4bdd89e4fbcb7275325f4e07aec08a

SHA256
64d8c7f8e857f330b68fe9f0aa45811235e957e8601f9a38d1065fbfd7e12535

SHA512
c2e6792274e4fb58f29d444fa63dbb0f561addf9e26b1cd15da7e5bc77522ee8f2f5bdb729c7c998f758f023e8ba1dfcbcb3623f8797122d125521ea3fc2ba55

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbFCC0.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbFCC0.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbFCC0.tmp\ftdownload.dat

Filesize
512B

MD5
4b53a6c06d0d143daa7c5b28118448b8

SHA1
f93e43cee7764a16fb46e7547ea4a2a0366da280

SHA256
03c4e5d7ad893f1d301d434e717872d1ae4080e5dae6a6ec73e06bd9e0256758

SHA512
f6f0bd5d787f215d48959c0bb509fd98aecbd951cac3c8e11c8b8f3267c4614197058830a2843005144756f80efc0e48cb957f9a2f3cd4595fbbf086b5116faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbFCC0.tmp\iWinGamesSetup.exe

Filesize
4.4MB

MD5
473e2752221ded265b1400ef7128bec3

SHA1
39203b12ad3faed3478b241c235cd25f64f778cb

SHA256
bfe2df96671ef942818a746eada9cf41c769c93c70c0364b6b6dd380b1d42164

SHA512
522bda0482899de539b62c80af207441678e29346a576dec0087506c8348216ecfaa9178d2aa585728e97a2ef2b8ee32cf2ed12f6246ab5b7a3c810a8a4aefe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbFCC0.tmp\iWinGamesSetup.exe

Filesize
4.3MB

MD5
dd44594b541948608cfabbe790d80312

SHA1
d4380ad3a8f425d941016c0f374b8d72c3daa8b6

SHA256
1fbf641d8f51b2258527d09e80b108c55d578a04af78e1d1e2c6cf176908a3c4

SHA512
0cbe7d93f82d1a4035b6f964094d9029c800043c4762e44ca07fc26fde685c66f5c629043039b85b28821d3fb779652429a4d273fdf29a2bb13146b2f9d7494c

Download Submit