a8dbc3aee62133e5735442327351d27a316f5d4bc529973e0120d2e6a500abf7

Analysis

max time kernel
40s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DS-Setup[LRyur4lA2].exe
Size

519KB
MD5

3e0514bf298c9f5f03bd570799bb5da7
SHA1

9b5297aa7cefd32fccf0c64292068586cc74c735
SHA256

a8dbc3aee62133e5735442327351d27a316f5d4bc529973e0120d2e6a500abf7
SHA512

fb162d98bbf2945291ae51b0251a9e45f0c912bbf8dda867c54ee1a3f4614651cf68f77e98f4ebafcdb273e6e94b124bf3626772164f85f78d16ecf94d307ae3
SSDEEP

12288:5+ocIPZW6I3o0GnaTYI9UF+q6goU5vOIThZ8uju:5Pc1N3fGa0/F+mvvOCz8uju

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
4968	DS-Setup[LRyur4lA2].exe
4968	DS-Setup[LRyur4lA2].exe
4968	DS-Setup[LRyur4lA2].exe
4968	DS-Setup[LRyur4lA2].exe
4968	DS-Setup[LRyur4lA2].exe
4968	DS-Setup[LRyur4lA2].exe
4968	DS-Setup[LRyur4lA2].exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Download Studio\dstudio-gui.exe	DS-Setup[LRyur4lA2].exe
File created	C:\Program Files (x86)\Download Studio\dstudio.exe	DS-Setup[LRyur4lA2].exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4968	DS-Setup[LRyur4lA2].exe

C:\Users\Admin\AppData\Local\Temp\DS-Setup[LRyur4lA2].exe
"C:\Users\Admin\AppData\Local\Temp\DS-Setup[LRyur4lA2].exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsz4529.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz4529.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz4529.tmp\System.dll

Filesize
12KB

MD5
3e5dbc37b5790b6a1137f0441afc93b0

SHA1
1a6e3344004f130bbd7cf19e719b9ad066f4f032

SHA256
6979a3766120389868145d5dcf1310b084a15046b389273fde7ede870e213ca0

SHA512
c0a8eaed8d9d9e3ce438446aa2a3c30fc46d006c412fe5e7cb180e839172d514f0f92bd77582e33ff6189bcba0777f800e3eb7d39019e7fefde8d016abd8565f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz4529.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz4529.tmp\nsDialogs.dll

Filesize
9KB

MD5
5bfdc8fb2d2bc96d3c6ad3fa5001fb60

SHA1
3ef791e834af931221d1f52f557d79dad2731763

SHA256
56db8561e64c05a5e1978a4320084b239f8c288183a07f674863f6187ae7ffdb

SHA512
b3ca9ecfe1591a3bbf95d703918c3770dad24e7480b803a38d09158f69d4e1d7be2550bc6c06c0fe8b05282cf5297eac8b9afc28d8835bb182a39d43627ec1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz4529.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit