0b18ba0573f449ecb8b796c4496b14e94ae745dccfb7568545be7dace8489a6c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb2kp_0943b70515.exe
Size

4.1MB
MD5

509ff3f3f90759f6ad5b1c1c82a74948
SHA1

8d7add5a90904670a96c2ef17841cbf45bdf6a6a
SHA256

fe57bc9031e150c8076bdcb59d8f93e9f2b7daeb34f366efe82cc15b250185f1
SHA512

9620292a8bb3409c1e7175270cf1e5f262853472f841b08064da6a28c553f18dc949be99b7325a290676d7ab71af267a0f25335472f603f51554b3a4b0756cc1
SSDEEP

98304:ixROaWeOVYMW0YHmWS/VFO3rK6cw6EH7KM/U4UUr6EBqHaD2e8dQv:iseOsNmWUVFObKZVgRUUrLQg2q

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1644	fb2kp_0943b70515.exe
1644	fb2kp_0943b70515.exe
1644	fb2kp_0943b70515.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\fb2kp_0943b70515.exe
"C:\Users\Admin\AppData\Local\Temp\fb2kp_0943b70515.exe"
1⤵
- Loads dropped DLL
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsz52C5.tmp\InstallOptions.dll

Filesize
12KB

MD5
cce5450725a9429a1d3c7aa851d40e8d

SHA1
05722500e42757ac03f2558452a064b906e31937

SHA256
d850c786a68df9520a3ecf2a96f4f091c9bae71d3adbf7731e8c172533cb266d

SHA512
3ddb56429e097ecf942e8a5147ba4c4191c52b736df267934f0dca75ffa74faffee8911dda47c5d2542f91138abbcaf61be3e3d68b368631d6bc21e254b5c637

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz52C5.tmp\LangDLL.dll

Filesize
5KB

MD5
759cb1f693d002203d8a154ec37bc1a8

SHA1
3a6c278f27fd098105b9d8d0aff775b55bdaa1db

SHA256
4c70ae970cbf32b1891cac05897b08cf5397554ab06968db0143ddd26676e574

SHA512
9ae52f73f861b252585ad4660353339c4daefb8981bd280200e6ace65e3a3835d617f6d4de9037c1fb912a2e4a4e2711b44a494b5c47c4a43bfa18f836604836

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz52C5.tmp\System.dll

Filesize
10KB

MD5
24a04541a0d2312e472f8236fd205ea8

SHA1
c47eeee6fc23590311f2860d80baa954386a8ce9

SHA256
74d7ac9e94305c3d30cfc19279ee73fa891bd5ae8800610dee391d1880825e19

SHA512
65e061d2776bc0db53ea8aa35fb50152818c74fa9735f1a5a370315c4dacaf2cb79374ec59174d86c2e87f5b0bb8662f8cee6ff97ae93261c9a9a05bd3cc1adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz52C5.tmp\ioA.ini

Filesize
1KB

MD5
01029cd2c4bd0b1b7b37380f5f698e92

SHA1
88b563ad8de523fcbb517f5bca91d54100fcbebb

SHA256
fb223a359cb9a801a7c80946bc5d0c4c61b77feef79231709642b37026223605

SHA512
32df6e847e560b7a7bafdd57f618e8165eab62af3c0d995f552e288442f1aedfe9b671b9400c89c25332a45e4f57497e7084936f391cf6999859436f1759a288

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz52C5.tmp\ioB.ini

Filesize
775B

MD5
0b4419a1320774b545d87c825027ef21

SHA1
74f640109ad5274edc0109b76aee48d3afa07c26

SHA256
3cd40cbe8223c2355127d96edaa65a7132bc821d5c3db12faf2e0523caa75da4

SHA512
274decbcf785e80e049eef4d3d000146dfe45d2b1f787d0e651c94d9f9a887c1836a50cdeba2b40b34369b5ae1dafa8d56b3d574665ed1ccb0e4a9b0dc0863b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz52C5.tmp\ioSpecial.ini

Filesize
789B

MD5
40cd7696610a67e5d22bd1f3e2562470

SHA1
7eca375b241b73406615ef742f665a6b700871f8

SHA256
03d3155c09d2dc57e5ee1caba2acb1e399b1e176b34fd02c053e554d2a2f54a5

SHA512
7db5c1f5ea9872d419ee645057a7421c129430389c3991c039695ccf2c161cff1a568a07d4ba7c939f309ad13dabf4463b76da24c6c7641d8810668c3cde790c

Download Submit