96f1377fce7b2aa217fd31b2bd92b9d104c8b7039212979fe80120ac09da9239

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HA_MD5Tool1.0_LRH.exe
Size

1.2MB
MD5

17ad5b8f14d903eff4291651b62363e6
SHA1

19e8b0c41bfa055e2fa011a9422222ea6778a4f9
SHA256

219ac330601c0c2f73babe6d380c8c07c2cef35ea13ac773852d4ff56042e0ad
SHA512

b8335e910e5f9a6c3eefd921f3bfea367545e3e76aeb845207a46302dad84c200cfbac0f34436ae3daa9a31420f80f0c0c4e082ca42d0da16f954136bd848470
SSDEEP

24576:iXRJ6AEhQHZ7Pu5Eie0aUXDOHg/un0Y9Ym1OgCh5he34sIEZb:cRShQHpBi1Ig/u0cYm1vCb24sIEF

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2056	HA_MD5Tool1.0_LRH.exe
2056	HA_MD5Tool1.0_LRH.exe
2056	HA_MD5Tool1.0_LRH.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\HA_MD5Tool1.0_LRH.exe
"C:\Users\Admin\AppData\Local\Temp\HA_MD5Tool1.0_LRH.exe"
1⤵
- Loads dropped DLL
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2212 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsjB70D.tmp\brandingurl.dll

Filesize
3KB

MD5
9c3488b5e9655d1837c3963ecec33f70

SHA1
f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

SHA256
05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

SHA512
6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjB70D.tmp\installoptions.dll

Filesize
14KB

MD5
99a01229bfad8d31bf0ccf636f993393

SHA1
699c225ac447723d20bb786d18f4c95f5fd8951c

SHA256
58b6827090451254627c340ddc941cfdd87930606e3859bd29495ece878ca115

SHA512
bbf78a03004347cae25fab552e846dfd4873b39a2cc3613bc05a328a5a6cff026b13fa0653d3607197faccbabd4a9d97df2948bcf2ef5414e7d08cdfad6bbe15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjB70D.tmp\ioSpecial.ini

Filesize
660B

MD5
b82151c0640821e3b98b048b17af62ee

SHA1
7da70d2c31228a9d8b5f562bc7ed0bc3a5a4d684

SHA256
16d2f620a664b5be44cc9f06a202d1be523bd02b9d394a3d850c22c936a7460e

SHA512
97e87d39dbcb4e2806a621177961068086d4293ae35f1b2b98bbe3ef026868e55464614d470ddc2c9245448d9ecceed9e32e8d9cf0829f23a09f3bd56f2371a5

Download Submit
memory/2056-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2056-91-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download