b5e3f92898f99b477b299d5586be81ed934b26f41bb07035067357089cc1cd25

Resubmissions

29/04/2024, 12:06

240429-n985jsaa46 4

Analysis

max time kernel
91s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
29/04/2024, 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Backuptrans.Android.iphone.Viber.Transfer.Plus.3.1.83.(x64)/Software Files/Setup.exe
Size

16.0MB
MD5

89828f9288f8366684b19779b93060c3
SHA1

4d2a9ce8353f3c7e8613a2e2f3149329446e173f
SHA256

26f7ffda7d482128cf645cc131426ddd12c0a935733a27f01de8ac0231b511af
SHA512

1bda9657dbe1c9b4db1c232ca6ba1910d9440b003e2f96fb33581b143c76bffc057dbbd8db96e9bdf8eac8577e1980a5be1a89ddd77c7c2fb2136321b516c7e3
SSDEEP

393216:FIjB/rSVX4FJH6KAu4nqy9k8OEv0SxTFS5MRjX:FABDxHADfVOK3oiR

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4984	Setup.exe
4984	Setup.exe
4984	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Backuptrans.Android.iphone.Viber.Transfer.Plus.3.1.83.(x64)\Software Files\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Backuptrans.Android.iphone.Viber.Transfer.Plus.3.1.83.(x64)\Software Files\Setup.exe"
1⤵
- Loads dropped DLL
PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse4595.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse4595.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse4595.tmp\ioSpecial.ini

Filesize
819B

MD5
68c3d1f90591ed530557d32ebc1f10b6

SHA1
a4a102bbead94a85b7807410b4497dffe7b0a093

SHA256
ffa7295424e37c92c9a0bdd896d6b694d719ebec37ac6d93c26883bd8ba771c3

SHA512
a9bf78d8a800859c989f68f269e429287b6e0050a40c00b40e0424f6e38b5abdf319b03fdff2237b7273191d3b7dc843291d38d792a62e0e9f42681b088e79dd

Download Submit