9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a

Analysis

max time kernel
164s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 01:43

Target

9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe
Size

39.8MB
MD5

8d5ed34215ddaf7c09b15a3c137677b8
SHA1

f9c8dc1eb47dcce7c9fa8c5c2c41bec58b88dd18
SHA256

9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a
SHA512

6d7a1a480bf1b02cce154493e02ebed0c6e60a58830096e811262a0f8000537e579acb16bd150a060de1a6a1ad346df3d590706d1e592dc04521fec334ba149e
SSDEEP

786432:AkwEspy2XycvakaqBGlWOP0MG85oXglyO4+xI4EJtL5J1EPeMy3+QszDSS:AzEspXycWqBS8H8LlyO4+xI48tUY+Q+

Score

7^/10

Loads dropped DLL 2 IoCs

Processes:

9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe

pid	process
4300	9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe
4300	9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe
"C:\Users\Admin\AppData\Local\Temp\9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe"
1⤵
- Loads dropped DLL
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:372

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nskDC91.tmp\InstallOptions.dll
Filesize
14KB

MD5
2a03c4a7ac5ee5e0e0a683949f70971b

SHA1
3bd9877caaea4804c0400420494ad1143179dcec

SHA256
d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

SHA512
1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDC91.tmp\LangDLL.dll
Filesize
5KB

MD5
ebd0da54db9f12ffd15206cc24355793

SHA1
910be3bebdde55eb1ce05915a79f01ebdc622786

SHA256
4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6

SHA512
cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDC91.tmp\ioSpecial.ini
Filesize
689B

MD5
cd055a319c7576a5f8d48692d9bad531

SHA1
b83dfb3d9677f7a75ea2a91344c7b4dac7a83532

SHA256
bf94ba6ad901da78c0b3ef8d6a9cf9c8cd3e641e90e7a8c8f3b54915f5d94f05

SHA512
03d9768a6e7ed05fc76b51ccc4c9af38f0fc3c6e538f56b7da3f0fcd38fa68a47ce29c14cd7a001f6b855edda84f1ef192538f351cc11052c9590bb87b3ad976

Download Submit