f4ed82101d7f7ba519079ea91d3a4c18d974d72ccc0dd63747c33b0aeedb82b9

Analysis

max time kernel
139s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2024, 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

54KB
MD5

bb4c8549a67b898f86b7d0238b6a5bbf
SHA1

c772d8d8df704a29b914d62b3cae619b2613cee0
SHA256

a205001713f20e7f40c3ca99ef8420e7f25aa3f30dc12da9da4bb59481d1fabc
SHA512

6b7f76d0b82ca6b2edad1e53b52966c594fa45969a0941a145bb7df326a1bf74fcd8e8a5d59587b6da9b0512251908400eb4c496a961987349fec53b81a172f5
SSDEEP

768:/nYYHhho+VUkSko1SJvs8evqUlwPSGiVKu0plz1iqc5rQ9NCC1VhsL0adHZ2ysN7:QYHhhDWkSkWIGq4wjiKu0P16Gl1Vh71

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1172	Un_A.exe

Loads dropped DLL 1 IoCs

pid	Process
1172	Un_A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 1172	760	Uninstall.exe	92
PID 760 wrote to memory of 1172	760	Uninstall.exe	92
PID 760 wrote to memory of 1172	760	Uninstall.exe	92

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:760
- C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nshB08.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
54KB

MD5
bb4c8549a67b898f86b7d0238b6a5bbf

SHA1
c772d8d8df704a29b914d62b3cae619b2613cee0

SHA256
a205001713f20e7f40c3ca99ef8420e7f25aa3f30dc12da9da4bb59481d1fabc

SHA512
6b7f76d0b82ca6b2edad1e53b52966c594fa45969a0941a145bb7df326a1bf74fcd8e8a5d59587b6da9b0512251908400eb4c496a961987349fec53b81a172f5

Download Submit