Analysis

  • max time kernel: 90s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 21-03-2024 15:02

General

  • Target: DAMsetup.exe
  • Size: 2.8MB
  • MD5: c4f6847c160205eaaba5af06dc3d5873
  • SHA1: 74c1c9a22e85305cb21ff22e68800f96daaa8464
  • SHA256: 5443b1c3aa80091b7e0d86681892e0871a7f1954dfa5cfd33318bc597116dd52
  • SHA512: 997687ab9f5b1507690ffb6d474d7f3cb81d4204e5e7face86c5d1fb54030d8c7c53ad16e533650b5a88abbdf6ab84e58dd8b7d3adb6d049aa244d08d1a950bc
  • SSDEEP: 49152:YKVrCbIS6kXtqMsSOqzw9iDxivzrp/SLyB+Lgyl8WLpqIDXssjromawYuwD:YKVry6ItqqkUVivXpGLLVpq3sPomy

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (5 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\DAMsetup.exe (PID: 1624)
    Command line: "C:\Users\Admin\AppData\Local\Temp\DAMsetup.exe"
    • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsb4AF5.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 8d5a5529462a9ba1ac068ee0502578c7
    SHA1: 875e651e302ce0bfc8893f341cf19171fee25ea5
    SHA256: e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790
    SHA512: 101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

  • C:\Users\Admin\AppData\Local\Temp\nsb4AF5.tmp\System.dll
    Filesize: 11KB
    MD5: b0c77267f13b2f87c084fd86ef51ccfc
    SHA1: f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
    SHA256: a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
    SHA512: f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

  • C:\Users\Admin\AppData\Local\Temp\nsb4AF5.tmp\UAC.dll
    Filesize: 16KB
    MD5: acfb66ee6fc1f4266229ec6098fe1740
    SHA1: e1aeb31b11996015d7f17308e2f2bbe69d4e1476
    SHA256: 6d7e8070fa09cc4bb66fb99c2b88d0f5419602fa64a519437f430d9378300b1e
    SHA512: bf0b5b22c57c08c88b4cbdd75bdf0c8eac433d42b4d163349391b71bc44d913e4d0e28e0826a7c27b418e6d2aa37c08c90577b56baa946a8f129486fbe01c303

  • C:\Users\Admin\AppData\Local\Temp\nsb4AF5.tmp\ioSpecial.ini
    Filesize: 762B
    MD5: cb19f50a458d9f2d4d30bfdbb286100d
    SHA1: a23609a1dd3a1b94745391eeb8173630557e8885
    SHA256: c764c814b232e5970a16bd9c1572c57ae0ef8ed7abc2d4d1431ca65db46f3ed6
    SHA512: aa3593034560e8411b22acda4c63b56e89978bf1223ed9fea1d21ae541c9847bac303e75885c99d6381a41d3648e01c77b1ef7272d4cf39d2c1a83d24c7ddd7e

  • C:\Users\Admin\AppData\Local\Temp\nsb4AF5.tmp\registry.dll
    Filesize: 16KB
    MD5: 24a7a119e289f1b5b69f3d6cf258db7c
    SHA1: fec84298f9819adf155fcf4e9e57dd402636c177
    SHA256: ae53f8e00574a87dd243fdf344141417cfe2af318c6c5e363a030d727a6c75d1
    SHA512: fdbbedcc877bf020a5965f6ba8586ade48cfbe03ac0af8190a8acf077fb294ffd6b5a7ae49870bff8cacd9e33d591be63b5b3d5c2e432c640212bdcd0c602861