Overview

overview

8

Static

static

3

9d3e08381f...f0.exe

windows7-x64

7

9d3e08381f...f0.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Seducers/P...32.ps1

windows7-x64

8

Seducers/P...32.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 12:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d3e08381fcf52ee5397eebffe263bfb01850a54c0f23c3b386b76fe3a0d25f0.exe

  • Size

    712KB

  • MD5

    e4604ef80b174aa323453b26d93801fd

  • SHA1

    008f8695ebacf172863898c8419ecd50c55f076d

  • SHA256

    9d3e08381fcf52ee5397eebffe263bfb01850a54c0f23c3b386b76fe3a0d25f0

  • SHA512

    1e2cf23b8ddd017798df08b038ab21065d57ed1bda64adf838a4e65d959420114f8f45826600d661fea3034338490673ec17d21d9a3bbebb9ea27798e6047df4

  • SSDEEP

    12288:g396BGtxLg6yk19rGAp0EpsziNuL/bnB5yELdJ2lb5dhl04aCzgNfvdi:g393tRyyGAfpseNu77nTL/215dF0tFi

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d3e08381fcf52ee5397eebffe263bfb01850a54c0f23c3b386b76fe3a0d25f0.exe
    "C:\Users\Admin\AppData\Local\Temp\9d3e08381fcf52ee5397eebffe263bfb01850a54c0f23c3b386b76fe3a0d25f0.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -windowstyle hidden "$Outlinear120=Get-Content 'C:\Users\Admin\AppData\Local\subduingly\mede\Seducers\Probant191\Transaktion232.ove';$Queasinesses=$Outlinear120.SubString(59410,3);.$Queasinesses($Outlinear120)"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4292
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
        3⤵
          PID:3920

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sv5dx1sy.mhd.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsq3D19.tmp\nsExec.dll
      Filesize

      7KB

      MD5

      4c77a65bb121bb7f2910c1fa3cb38337

      SHA1

      94531e3c6255125c1a85653174737d275bc35838

      SHA256

      5e66489393f159aa0fd30b630bb345d03418e9324e7d834b2e4195865a637cfe

      SHA512

      df50eadf312469c56996c67007d31b85d00e91a4f40355e786536fc0336ac9c2fd8ad9df6e65ab390cc6f031aca28c92212ea23cc40eb600b82a63be3b5b8c04

      Download Submit

    • C:\Users\Admin\AppData\Local\subduingly\mede\Seducers\Probant191\Transaktion232.ove
      Filesize

      58KB

      MD5

      8f0b138615bc5232ec5e891ad22e0236

      SHA1

      5bc489fae01667dcc0af2f94ab20826d73ab9dc5

      SHA256

      38be5eab8bc0206325f3556e55419bc7a72c41f07ea437c10aa50337c2911d85

      SHA512

      3696c371d06ab6887a58f49297fe09da2c57d4281026f3c8051c472a02714620169e31d6dc2fc68da2d46a537410cf03500cb274767f6c73a60c9d44470879cf

      Download Submit

    • memory/4292-78-0x0000000005780000-0x0000000005AD4000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4292-80-0x0000000005C90000-0x0000000005CDC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4292-65-0x0000000004D50000-0x0000000005378000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/4292-66-0x0000000004CC0000-0x0000000004CE2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4292-67-0x00000000055A0000-0x0000000005606000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4292-63-0x0000000000B70000-0x0000000000B80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4292-70-0x0000000005610000-0x0000000005676000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4292-62-0x0000000073B40000-0x00000000742F0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4292-79-0x0000000005C50000-0x0000000005C6E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4292-64-0x0000000000B70000-0x0000000000B80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4292-81-0x00000000061A0000-0x0000000006236000-memory.dmp

      Filesize

      600KB

      Download

    • memory/4292-82-0x0000000006150000-0x000000000616A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4292-83-0x0000000006C30000-0x0000000006C52000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4292-84-0x00000000072A0000-0x0000000007844000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4292-61-0x00000000046E0000-0x0000000004716000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4292-86-0x0000000007ED0000-0x000000000854A000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/4292-88-0x0000000073B40000-0x00000000742F0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4292-90-0x0000000000B70000-0x0000000000B80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4292-91-0x0000000000B70000-0x0000000000B80000-memory.dmp

      Filesize

      64KB

      Download