fe8b23ef1880acb970ddbb469dbce724ffdc61355440d8d805df8672b1e29a3e

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

K-MeleonCCFME0.089/SetDefault.exe
Size

76KB
MD5

2270dceed17d8fa7d7c2387fddb83c0b
SHA1

b17fc36cb8d7463536286f95fe56fcc11d6f9a67
SHA256

157067b5287f73be460d7d0163b4479668af7303240cf30d23b7b41f1d8d07ad
SHA512

773975a39f5c8c9814031d0ee4f040cf599d8faa8a9daff0b3ada12ea965b83ace0363aca4477036ee72602d486a29e381fe4cbc98a755e0eb29fd4782ce2b30
SSDEEP

1536:dXwjCzX139sZDM4y0DhmJq2Bc2oRb6FYPFhuinFJcW4A/BX:BYU94fDhmJJLoR6FYWo4GBX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

SetDefault.exe

pid process

3980 SetDefault.exe
3980 SetDefault.exe
3980 SetDefault.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3980	SetDefault.exe
3980	SetDefault.exe
3980	SetDefault.exe

C:\Users\Admin\AppData\Local\Temp\K-MeleonCCFME0.089\SetDefault.exe
"C:\Users\Admin\AppData\Local\Temp\K-MeleonCCFME0.089\SetDefault.exe"
1⤵
- Loads dropped DLL
PID:3980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsp5FD4.tmp\InstallOptions.dll
Filesize
14KB

MD5
3809b1424d53ccb427c88cabab8b5f94

SHA1
bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

SHA256
426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

SHA512
626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp5FD4.tmp\UserInfo.dll
Filesize
4KB

MD5
3691c07a4c5f9e12b96a61bd4b28002c

SHA1
831ea22da1971be4f33e86e96bcf66fa051739f0

SHA256
9d0b769ccf9eb460304302e2ce1958001089718baa58d9cf71f4ec3fce8f4922

SHA512
435de907053d68c970654992f1b4c8bbf651e722c1c206601fdfea7001bf15fb465d97127d90fbc73fa58a99e4e511fff2c85cb866d0216e80c518cf175eb5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp5FD4.tmp\ioSpecial.ini
Filesize
816B

MD5
0f90ee236ee8e582daba412eec2e16d4

SHA1
d46f058062b6789fe5e3911589b03e9bb8f49599

SHA256
30e8648c30607ae9b28ae128726bfd3ab8282737b387b67b159ff49f13666808

SHA512
97805568140669624ea4149da72053dc3697bdd9894648937d20df2b398d99ac2f9adc5fe0ea509e17d7dd0fdd21ff6fd90b2b0aec71ee576057acd22006c4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp5FD4.tmp\ioSpecial.ini
Filesize
842B

MD5
5d0af87eddd66e4e206ab132b0169c0d

SHA1
6f763cfc8f6c23619bbe70e6bf1c5ec240e7c354

SHA256
7226f4485695fdc0bbf891bd63b4dd57becaa9e5bae5e5d72f900f60ae8435c7

SHA512
6706ede0ec4c1dea19426c685efebe089687b532fb9a92fe20be64eb2b5b8036585f7469ca71e498ac27b44388d14cc332f11988643f544334772d2235caf862

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp5FD4.tmp\ioSpecial.ini
Filesize
855B

MD5
624a646aa8571cbaca153f9760d009a8

SHA1
c624bf8537fd48a76c4a20f484ff9089fd4e13d4

SHA256
f6dd2bf2e72bc9d53b91725335af40d35861ec6d668b46f41e7f50084a68fc08

SHA512
f3194b293b45f04cc7e3e58f3a6d41f1d2baa58bd098a847d31dcf5a3fdbd79b85c2617694e0cf6aa7c3a537a13003e7e1191d6ba863f1d212095d4bcb339b70

Download Submit