913ecfd11233aba6a8af3480baa08d21d4d34729891e7caf840198393fc135d9

Analysis

max time kernel
148s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4399box_install.exe
Size

4.4MB
MD5

dee71ca9508b2b2d46ee3b549c7a9149
SHA1

b5e2b842b252dac18cd09b5734c6efee5452b502
SHA256

5b27d19dd7e39c29fe8bac59d35b9ee6f33aa05a5325b5cd9551e273d7a6d811
SHA512

c464fffad222cbe571cb5fc7a9f30df6c01336e398c469061e8099cdcc00fc8016f8cfdcf5d4f4168c2df0f89741eeb2a4971ff528d3de0958ac1aa0d70c8377
SSDEEP

98304:uBUAhM5kmCbW8twq6tqNpQotlnEB5Cjmt04cVYF31JSsjJOYG47H8AMiRDZoCMx:uBUAyCbWawuNlbvjiAWFvJIYQmFo1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

4399box_install.exe

pid	process
1452	4399box_install.exe
1452	4399box_install.exe
1452	4399box_install.exe
1452	4399box_install.exe
1452	4399box_install.exe
1452	4399box_install.exe
1452	4399box_install.exe
1452	4399box_install.exe
1452	4399box_install.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

4399box_install.exe

pid process

1452 4399box_install.exe
1452 4399box_install.exe
1452 4399box_install.exe
1452 4399box_install.exe

C:\Users\Admin\AppData\Local\Temp\4399box_install.exe
"C:\Users\Admin\AppData\Local\Temp\4399box_install.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst1AB8.tmp\InstallOptions.dll

Filesize
15KB

MD5
9a886711c559308c39c01c20e9d9a1e3

SHA1
0f27cf1cf6e4960e140651b68d72ed4b92c58e9e

SHA256
98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4

SHA512
4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst1AB8.tmp\NSISdl.dll

Filesize
14KB

MD5
33d4a515252e42901fcd3230a749e92f

SHA1
168ccf18807f372d59c954425b23e3ba07b9e32f

SHA256
83817610e28c78c766a183e66d9fa47f1831b702846cae2ec51ba5848c9dbde1

SHA512
fcd40f466403d3243d8a8d2e98aae74f46d5b5e9e254d13485281e86022305a3e8d47c6411175a9f2f90ad8d10aa40614c71329969ef895a20d60688a649adba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst1AB8.tmp\System.dll

Filesize
10KB

MD5
2b54369538b0fb45e1bb9f49f71ce2db

SHA1
c20df42fda5854329e23826ba8f2015f506f7b92

SHA256
761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f

SHA512
25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst1AB8.tmp\meituWel.ini

Filesize
211B

MD5
788513c86e3297a2df6eddd0a35806ce

SHA1
0c3a36841d92b9599b2d2bc0c02f51205c4be8b6

SHA256
2c86db463830b19daba0784b0e83351fe0502dc36ae12209279dc8e4f9bf4020

SHA512
e4d1b639421cd1965642305dcddc05c7a0d596a799af54241233666a73f717067371293e091cfe81107cbd1e9cfde8ba3e941f6decfdc8bc47bd5431bebd01d6

Download Submit