fe8b23ef1880acb970ddbb469dbce724ffdc61355440d8d805df8672b1e29a3e

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

K-MeleonCCFME0.089/SetDefault.exe
Size

76KB
MD5

2270dceed17d8fa7d7c2387fddb83c0b
SHA1

b17fc36cb8d7463536286f95fe56fcc11d6f9a67
SHA256

157067b5287f73be460d7d0163b4479668af7303240cf30d23b7b41f1d8d07ad
SHA512

773975a39f5c8c9814031d0ee4f040cf599d8faa8a9daff0b3ada12ea965b83ace0363aca4477036ee72602d486a29e381fe4cbc98a755e0eb29fd4782ce2b30
SSDEEP

1536:dXwjCzX139sZDM4y0DhmJq2Bc2oRb6FYPFhuinFJcW4A/BX:BYU94fDhmJJLoR6FYWo4GBX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

SetDefault.exe

pid process

2012 SetDefault.exe
2012 SetDefault.exe
2012 SetDefault.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

SetDefault.exe

pid process

2012 SetDefault.exe

pid	process
2012	SetDefault.exe
2012	SetDefault.exe
2012	SetDefault.exe

pid	process
2012	SetDefault.exe

C:\Users\Admin\AppData\Local\Temp\K-MeleonCCFME0.089\SetDefault.exe
"C:\Users\Admin\AppData\Local\Temp\K-MeleonCCFME0.089\SetDefault.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2012

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdFCA.tmp\ioSpecial.ini
Filesize
815B

MD5
bb94fd5fb674ca154addcdd877911387

SHA1
ec7028b364112eb673310ca30fcf964ba847b7c9

SHA256
272c9c222f3287e1f7c0ae07aa819e8bc39c8e05dba3211a04cb46064f37f1ba

SHA512
2ce6a480db02bce2e33400ba4e51fb2249616c9e7b0c0611aa0816877c4ece47d367fea3b675418a6b57ffa2835db00f57031bd158847b7df53a21941259f9eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdFCA.tmp\ioSpecial.ini
Filesize
828B

MD5
b6c6c6a6deb3d15e77276b00e961ba2b

SHA1
f80f1ced6a893bed61c104ac52ff79b264fd9fc9

SHA256
ae7cdd3f8f0ac85d87fbfa9c5020ab8cac9d852b01b867fb2e146bf079feb1f3

SHA512
57ab3458fac124d11c820f0ba4ab7704abc192941921f78ed5fc7f0853f030bd47e2955c33cfecbcd0b2949e61671e80fa78f757270c11705a8cf2ff5ae92de4

Download Submit
\Users\Admin\AppData\Local\Temp\nsdFCA.tmp\InstallOptions.dll
Filesize
14KB

MD5
3809b1424d53ccb427c88cabab8b5f94

SHA1
bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

SHA256
426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

SHA512
626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

Download Submit
\Users\Admin\AppData\Local\Temp\nsdFCA.tmp\UserInfo.dll
Filesize
4KB

MD5
3691c07a4c5f9e12b96a61bd4b28002c

SHA1
831ea22da1971be4f33e86e96bcf66fa051739f0

SHA256
9d0b769ccf9eb460304302e2ce1958001089718baa58d9cf71f4ec3fce8f4922

SHA512
435de907053d68c970654992f1b4c8bbf651e722c1c206601fdfea7001bf15fb465d97127d90fbc73fa58a99e4e511fff2c85cb866d0216e80c518cf175eb5a6

Download Submit