b1707825c0f2fde7bfdbb5f4a4cef4002a935b2c9edfa93f512127f430cfbdd0

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-es
resource tags

arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
submitted
04/05/2024, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PCRemoteReceiverSetup_7_5_16.exe
Size

63.3MB
MD5

ca3eb78b4bfcd2388bf49a980f1053b7
SHA1

81c60fff0a2f0bf8e8ffc4161b0ed00fd3353a9f
SHA256

b1707825c0f2fde7bfdbb5f4a4cef4002a935b2c9edfa93f512127f430cfbdd0
SHA512

5f02bd4cab05cd242f3605ab027c11d28b855bd9180ff52aa14963248e2778cacc36466dcca684c0c17c9bab874f12b3a3e2d3ca655570831101cfc5c1022e51
SSDEEP

1572864:DGr9D2YYvt8/7Z9lRA9lg5yJRotDthtYt/1vv+W5x/t6rRYyjvZXTpoZC86:DO9DoFE3lKYgJ1cW5+ruyjv1Nos86

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1700	PCRemoteReceiverSetup_7_5_16.exe
1700	PCRemoteReceiverSetup_7_5_16.exe
1700	PCRemoteReceiverSetup_7_5_16.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1700	PCRemoteReceiverSetup_7_5_16.exe

C:\Users\Admin\AppData\Local\Temp\PCRemoteReceiverSetup_7_5_16.exe
"C:\Users\Admin\AppData\Local\Temp\PCRemoteReceiverSetup_7_5_16.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi2711.tmp\ioSpecial.ini

Filesize
1KB

MD5
0c19995dbefdba7e594c85eaefaca748

SHA1
9edaba0ebab8a699e257beddd899fb874fae49cb

SHA256
338588ed217ac0722d228d87dae44143572242def5da350a428015115b1da9c9

SHA512
74cfdf4631eef60265366ef77b08da53e21a5e5e495361350b32fa9e938eb28091419cedc15e54a91026c841ebbcccd3c8ec30cf29684c77339d97d0a44aeea1

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2711.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2711.tmp\LangDLL.dll

Filesize
5KB

MD5
014a3be4a7c1ccb217916dbf4f222bd1

SHA1
9b4c41eb0e84886beb5591d8357155e27f9c68ed

SHA256
09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

SHA512
0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

Download Submit