47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
Size

147.0MB
MD5

379bfd92cb5b6b7ac3b23b94f1504848
SHA1

99c1b652a97ee1c45cf6401a9183b22fe7ebe8a4
SHA256

47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa
SHA512

4c9d9ed180dd3ad92ff67c2fca297a4b63c0a6aff5204d6407996038b812ac0777e81260edc8daa3082f3b804719e068d317c16504568a911dacc0b5aec2e8ba
SSDEEP

1572864:Sgg2KWZ/EkxjcmYXoZ9CoLQpk9vVSH3vYMfHGNyHm:SgoWZMMbC7pk9dwnfaZ

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 27 IoCs

Processes:

47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe

pid	process
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
3556	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe

C:\Users\Admin\AppData\Local\Temp\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe
"C:\Users\Admin\AppData\Local\Temp\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\Microsoft.Win32.Primitives.dll
Filesize
15KB

MD5
ca126c802a1ec4e98a3f323a62a364d8

SHA1
48a506bab3978fbf80ec3c6fedaf6b1b6a8fa85d

SHA256
5f1e87559e8d96e8405c3da7c5780c454b41fdbc86aaf3c20828b33f9f8f744b

SHA512
0033debd294f551e8505629f2eb3432313ba1e2ad649688ae0072568a16f50cc48f750940c8dbe1af127864ad253a5eb8fdbb6165485e01f1b6278c34b662df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\Microsoft.Win32.Registry.dll
Filesize
102KB

MD5
19ac10887cf30e08c36624960334288f

SHA1
1420a8c854588853ca329a650f0e9b33e28f9238

SHA256
fab9f490e6ded0afe73f41dfe28f6e18afe9995488b666bb3aa204684cd29c4d

SHA512
3c10f896607a91a961e96bf2ea20556019a0bb6619daae64e9bcac8d1ffe250fe974fc5760c13994181a6af087f1bf595368338e07efd167bba9034d9dc26d90

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\MouseJiggleSetup.dll
Filesize
164KB

MD5
c9bec7e5b8e5545483740482234beb05

SHA1
00d2eab03d31cd462b093ee56a01ab7ba2df0799

SHA256
3010298da1767de6ae5b926a78ebe845b71ff209ae9c51ee3b1a34552f916093

SHA512
0364d9936218e345c3848d382a869bcad2468837184d74984193c2cd3fd5be51be2328f9a1295a33f4670ff59cec84e1ecaeb68e6c078a6d14371e422ae57c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Collections.Specialized.dll
Filesize
90KB

MD5
14dca542b07ec267aa34a727a3368304

SHA1
5c83954abeedddc5a368041e8f54f366bed14712

SHA256
3bb4581a7930f65d91c86b90c67cc8af6fa99f6b2ea892a0493b1cfc73cb1b02

SHA512
449b636e15cef44356955c630541522481c41e7c5fd47a696ef838c80b6ef23648d5fb99283d474e204442e9566c63e01e52156db80418c5a39bfa77a3746704

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Collections.dll
Filesize
234KB

MD5
8bb21886ad3275d473978b5d532beb76

SHA1
df5869ebdf96a309b7fd6d7e79dd15af340d60c1

SHA256
ed4284ad8ae7460e22b5972a21f25f154ae0cb0f1be8b80bedd99fbd0c9c0c01

SHA512
389cb5d22d8a43d909d247e80f51577d8a39beb675197f214c4675e9f5373d27ac9f5672ecd9e6ce492d2727a347de99a7d8b5d03ab2c2c4f06ff1f1c9a0b2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.ComponentModel.EventBasedAsync.dll
Filesize
46KB

MD5
24720b67d66f20f086becdb81a8cd856

SHA1
1327d41ee6de9a4f5d336880ccdc80991c789345

SHA256
1ef6c4f7f7df04df6b4c626c744c0e9b7dd58f35929854546d8382cfd1845776

SHA512
915e9b4ad6b66f8f3c268b89a6093cfa6ded1ce38ecae16dbc4fb3e0c582c46c57339bbc8a898a0880c8b196de2d4f93e491afaf4ab31e80d054df5fb916cb43

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.ComponentModel.Primitives.dll
Filesize
74KB

MD5
f37f10c7b1ed821f7849dc410830c6b3

SHA1
aed82916927b4189258407d4d949287b18abda2c

SHA256
a74823d9b5d0cef334544a56621205e1c57890c151051683c30f5a21529f9e8a

SHA512
6c2362015416ff3f101c6a950f77e85a9d1f0a86b7cebc959d82aed27d525bebdd2603ed83d17564973d5724005c63b440428162e209746d6b5d19754b87f428

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.ComponentModel.TypeConverter.dll
Filesize
377KB

MD5
c799c1649ffcd4ef6bdf2d51bb307a13

SHA1
6408f83c8a65863beb57002c90b7679fa461d656

SHA256
fed279cce7898aae671ef5cb8f5bff794680b6c0ef958aed58ef3914022b4a7d

SHA512
f90a9d66d8ad4a14b199d8db3dc5b54af18381a6ed093223f90fddf13be8721e7c2cae9bfc8850250c2d59ea03dfed07fb3e420fbbc1f8fcd344cc84a27a7a61

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Drawing.Common.dll
Filesize
543KB

MD5
d989a1cb619dd55675efb5a84167d344

SHA1
17a7d487793f68b5ac4664fdf2f3c880bf351eb6

SHA256
e10e1f611cfc671a0d40cf91e7f5793183499cce182038a9936d8b9042107a34

SHA512
ba10a85a7605d990d48823907b108ef1d790343e7a783ed11276edd1955f605bd454a16ec988c63b4deb2b5abe5f131ec03a60c04874edeb1d62c7fedfe267a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Drawing.Primitives.dll
Filesize
126KB

MD5
0ddd023ad312008ef864e8ce7194e698

SHA1
d00bae904193dee6cbcdb233f34d7f6062a6fdd5

SHA256
e85403668689fa15b9519ab5641a30d2171035a0e6e4e08e31d3281b77c47d84

SHA512
13039170344294b192d9459798f2bf9b450d59d14519ea17ed038c4c080085531fe8ed33751429b0ac635ffa96a2f132a88223e4346ed6b5f41cf71c41306294

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Drawing.dll
Filesize
21KB

MD5
494dcd86cf1d7fa943987cff9a712902

SHA1
6915dc8fbad759d5c429e3c81ff2f8eca1cd2905

SHA256
c64f0e866b0b904b101d4b21f3e11e706169e8eff8f041742b137b886cbc5739

SHA512
9532ce2dd1ae242163d672e86a1bc43c2588733244ed0c152cc642027f91fb314426df81beec73a2575fa448c83a364e8eea4c86bcd356ee058b828ac042276d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.IO.FileSystem.DriveInfo.dll
Filesize
50KB

MD5
3e0f5653b2bfb6c9ba38b9b010ac28ef

SHA1
0683f30f94160d18230c6f6c9a10f60f66de875a

SHA256
b959a88e489c29ac3a80b0575b3f510c3fc493c8e9af1d5ebe0c643cfd6d43c1

SHA512
4a11a4061ac02d21e007a82786eab49eb84daba59a4efbabea4f13ff83b00392a3fcf03d30b72a8ff966d6e808b2c67de2273c070813c37714e050e705adb8ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Memory.dll
Filesize
142KB

MD5
d3bafe00ef32527ade49d33270d62c21

SHA1
473088b6845fc212f8b7ef6c12bd2a8b693abc50

SHA256
8cfe27b0dc18bcc078df9e7747047211cdc063883a9de7db928f52dc4b81210e

SHA512
3c6ed7dc39373392b9c05fb418ac767889a92f5f7eeea302e121d80676a00327c03846a26e1d28d1e49a009d71a90c70bab6a96e66a80015b568a04fb11a92de

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Private.CoreLib.dll
Filesize
680KB

MD5
408272af231820fb05240163bd15b981

SHA1
cc9eec833dffb41807778c8d96a71c350e540fe1

SHA256
4dde07dc555c465a39b6d51b7da5ca03e7174c7acaf7e794fe811a9fa27356a3

SHA512
c5ad581b6cdc0e0210b6ed2afb3719a90c9002a89f91d288d6bf3a5b796d65914c52efe97a514a21e308c9a3ca8d84aecab9e106cb1092d12e9766fe97dd2342

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Resources.Extensions.dll
Filesize
126KB

MD5
334ab16e55e708b348ca8ef1125bb984

SHA1
f5b671e71351a6ea091be458c9eef68148712716

SHA256
785b2765eef227b0184f4948b4ff5fff7907a233e0302f7588b351c58733b66e

SHA512
6f1ffb96fa705f5037921a2fc933a8ae2c0bd458340d53ed73d329c958e22ebdfc7565c3148e390f1db0a126afc98d87446e16f5a3783facf75a45b9de1fa3a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Runtime.InteropServices.dll
Filesize
86KB

MD5
9d9f619bcac672d33b47d9738e3631e8

SHA1
83b47dc8e3c52e9d97755f737cdb295b07ba7650

SHA256
68688e4611f18b2ea402c1d5fa2ebc773c94fccacd725e9e940643241aedefc6

SHA512
bf89ec0eb9ca91283b401ee509babbf2bbd27911761cca120cfabf19179590e521987b067794e45f67eeec1ac6979f9ce80193993fb0ca6df3813ff7f0772ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Runtime.dll
Filesize
42KB

MD5
a3810bf55ef4a7ca3d6089d5f9af76c1

SHA1
2e903f05c32d0efaa0026923bf788c60c97b0357

SHA256
85fca586cead3422ed49b1de567d663f80fc0ffc91ff0d67c301b8c3bc4a90a0

SHA512
4b6f864734ef9796ff9aeb977141093571a997e1df5d54ee4483adef85e47817c4810713e8bac5c6b6a84fcfc6124974031975c11ca45d1ed36791effdf02acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Threading.Thread.dll
Filesize
15KB

MD5
52c43bbac985b5ecaf7c4f583628c9a7

SHA1
8dac2fb3380c315ccb5c1391db46c54498954952

SHA256
f4e5c6a5a4c8f2910dbf526013e2ebf4f3cb44a7fa6061374cf6ea3e25d08ad8

SHA512
6f7b70bb28fd549ea1331b9750ce1f59ee0382fba9bff31d1cddb830a0d400b620f8308b4ac5edfabbb93f3423c53a9a62e8f61bc8ee04bec814fe130883c275

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Threading.dll
Filesize
78KB

MD5
d8a1d2882a2004e7a9e02aa571dd52ac

SHA1
57321f206fc737f6f969d9317211f868c1e38f03

SHA256
6f611c765a8ce51c3a667f114fe316afa88b228335ddf90f08d1de2644005815

SHA512
4113f2473ea927d939ea2f06832849056671b4d0fb1a9fd0c63635335e02d1bc6dffda02ac48e44dae365ff634537a1ba4d85cf6df05d3ccc27a0b7f5bef1944

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Windows.Forms.Primitives.dll
Filesize
565KB

MD5
d6a7570cd044de58da2f65e27871b3d0

SHA1
d8fa6f640955faeeeca13b783333f93325a814be

SHA256
49233591e618efc354ee3b7cdf0448bba7b78b5d0f3870ff4319de547d4b4667

SHA512
e2bf279bd7f59edc059f2050d4b6e43002974fd52959463ef9d61135f065673ed3d7aee7441281a5da3d29d4b09257dd02673ca90a23a394d007766e3dcd865e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\System.Windows.Forms.dll
Filesize
429KB

MD5
e877b14de32a8dad600e11df5923449b

SHA1
e5c67d61412fdfc1bf4053c9465571079b989be3

SHA256
282aa1bbc674f4e19384e0ca01e5b1e05f7245c0c6881c988e09f4262d1f1270

SHA512
aadf1f560c68ecf626d8d4dfcf26fe81ccaf97bb05a774d20b3e49971bdda7b6bef5586e93a244c37aa67d56b045ffc7129a2262b58f13b881a986798c3bca80

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\47e51ae8afbae78cc2156f85df44dc646b5d066e9b3c09aefe9e1e08ab1c87fa\r9xzcpf59lMHbt2FWGu90bVtAES8qdc=\TurboActivate.dll
Filesize
1.1MB

MD5
d47d64e3eeaa388e4e944af226756cf6

SHA1
f6a04d0b1c152ee0f7f5022c2405525286fe2f41

SHA256
1dd842549904842bd3f72a8f3ddfb96e3674f1826265eb0627271143e9c4b1eb

SHA512
0644c14aecd835fa05195b25262366818ff053d0210e74727ce83e7dbc6ecd5dc2f6f466a38c9498122b544a5b4252495f2f9e762094da144faeeb4abded3091

Download Submit