0b18ba0573f449ecb8b796c4496b14e94ae745dccfb7568545be7dace8489a6c

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb2kp_0943b70515.exe
Size

4.1MB
MD5

509ff3f3f90759f6ad5b1c1c82a74948
SHA1

8d7add5a90904670a96c2ef17841cbf45bdf6a6a
SHA256

fe57bc9031e150c8076bdcb59d8f93e9f2b7daeb34f366efe82cc15b250185f1
SHA512

9620292a8bb3409c1e7175270cf1e5f262853472f841b08064da6a28c553f18dc949be99b7325a290676d7ab71af267a0f25335472f603f51554b3a4b0756cc1
SSDEEP

98304:ixROaWeOVYMW0YHmWS/VFO3rK6cw6EH7KM/U4UUr6EBqHaD2e8dQv:iseOsNmWUVFObKZVgRUUrLQg2q

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1964	fb2kp_0943b70515.exe
1964	fb2kp_0943b70515.exe
1964	fb2kp_0943b70515.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1964	fb2kp_0943b70515.exe

C:\Users\Admin\AppData\Local\Temp\fb2kp_0943b70515.exe
"C:\Users\Admin\AppData\Local\Temp\fb2kp_0943b70515.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst75ED.tmp\ioSpecial.ini

Filesize
789B

MD5
40cd7696610a67e5d22bd1f3e2562470

SHA1
7eca375b241b73406615ef742f665a6b700871f8

SHA256
03d3155c09d2dc57e5ee1caba2acb1e399b1e176b34fd02c053e554d2a2f54a5

SHA512
7db5c1f5ea9872d419ee645057a7421c129430389c3991c039695ccf2c161cff1a568a07d4ba7c939f309ad13dabf4463b76da24c6c7641d8810668c3cde790c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst75ED.tmp\ioSpecial.ini

Filesize
828B

MD5
cecb6c2745c8cbc7f988a1f4bf2feebe

SHA1
1d02203ee38d366dfbe5d27f659fb435ddb4ecfd

SHA256
d02a36758148b89cdbf2e4926c69935b75351cc945380b23afd83c32cb6d1713

SHA512
762ad208237440ca24ba48598d86573e9956e2ec56b59540fde9439f8b0702c4c2f4236c32d066544f661ced59f9fe843f1cd5669858ebce4ebe3d1fb804da5b

Download Submit
\Users\Admin\AppData\Local\Temp\nst75ED.tmp\InstallOptions.dll

Filesize
12KB

MD5
cce5450725a9429a1d3c7aa851d40e8d

SHA1
05722500e42757ac03f2558452a064b906e31937

SHA256
d850c786a68df9520a3ecf2a96f4f091c9bae71d3adbf7731e8c172533cb266d

SHA512
3ddb56429e097ecf942e8a5147ba4c4191c52b736df267934f0dca75ffa74faffee8911dda47c5d2542f91138abbcaf61be3e3d68b368631d6bc21e254b5c637

Download Submit
\Users\Admin\AppData\Local\Temp\nst75ED.tmp\LangDLL.dll

Filesize
5KB

MD5
759cb1f693d002203d8a154ec37bc1a8

SHA1
3a6c278f27fd098105b9d8d0aff775b55bdaa1db

SHA256
4c70ae970cbf32b1891cac05897b08cf5397554ab06968db0143ddd26676e574

SHA512
9ae52f73f861b252585ad4660353339c4daefb8981bd280200e6ace65e3a3835d617f6d4de9037c1fb912a2e4a4e2711b44a494b5c47c4a43bfa18f836604836

Download Submit
\Users\Admin\AppData\Local\Temp\nst75ED.tmp\System.dll

Filesize
10KB

MD5
24a04541a0d2312e472f8236fd205ea8

SHA1
c47eeee6fc23590311f2860d80baa954386a8ce9

SHA256
74d7ac9e94305c3d30cfc19279ee73fa891bd5ae8800610dee391d1880825e19

SHA512
65e061d2776bc0db53ea8aa35fb50152818c74fa9735f1a5a370315c4dacaf2cb79374ec59174d86c2e87f5b0bb8662f8cee6ff97ae93261c9a9a05bd3cc1adf

Download Submit