c4f0d67d3d319fc6c9abbbe0dc17c6b2313bb89e69863d33c4a3ceb6119149dd

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nex-przegladarka-kosztorysow.exe
Size

137.5MB
MD5

44df20687e2b0a72b356c4b03e6161c7
SHA1

82814a6ba9eefd0acba6490684c71d6a4383810e
SHA256

c4f0d67d3d319fc6c9abbbe0dc17c6b2313bb89e69863d33c4a3ceb6119149dd
SHA512

1a6d11c7cc9f21256084e783652ce4390b5594f84b91db864426251d8ed60217ff1f924c044e8f71d16c2165c2ee8a18bc1882c4eb84c8898442f22467481a1e
SSDEEP

3145728:yuohiFGJ9UO5Zy5To8D4vlnbuZdPOD7n7l7/X32axp1/l:NokG8S4To8UvTD7x7/n2axp19

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ ISSetupPrerequisistes = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\nex-przegladarka-kosztorysow.exe\""	nex-przegladarka-kosztorysow.exe

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
4864	nex-przegladarka-kosztorysow.exe

Loads dropped DLL 1 IoCs

pid	Process
4864	nex-przegladarka-kosztorysow.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 4864	1900	nex-przegladarka-kosztorysow.exe	84
PID 1900 wrote to memory of 4864	1900	nex-przegladarka-kosztorysow.exe	84
PID 1900 wrote to memory of 4864	1900	nex-przegladarka-kosztorysow.exe	84

C:\Users\Admin\AppData\Local\Temp\nex-przegladarka-kosztorysow.exe
"C:\Users\Admin\AppData\Local\Temp\nex-przegladarka-kosztorysow.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\nex-przegladarka-kosztorysow.exe
  C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\nex-przegladarka-kosztorysow.exe -package:"C:\Users\Admin\AppData\Local\Temp\nex-przegladarka-kosztorysow.exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\" -tempdisk1folder:"C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\" -IS_OriginalLauncher:"C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\nex-przegladarka-kosztorysow.exe"
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\0x0415.ini

Filesize
23KB

MD5
67d15753e278de2d6d607be083a4dea5

SHA1
bad1cf703f79d84c5987b5eb84f4390cecfd9f82

SHA256
7e9c1e9787364be6ccbf026c1a842ab56279ab26c7dca428d875e983e84ee58c

SHA512
40acf9049f34c9f1a2b4ba63873a8a5f1cc386ea066dbb3549390be705aac13ca86ec14272354d5c63592255eda1f1144e8636d60dc62b9e7381e95f0505d177

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetup.dll

Filesize
1.6MB

MD5
e0ce31d6f470551986d79daacb165d12

SHA1
424d5e877098484553c5ad8b71c09fa1f9616409

SHA256
0f37ea5dd7176741ae0bde40c828cf0117bd25b34d097da1085acab6db2c0b84

SHA512
465139c0296b25adb01e336803a552ec70069213828c27042e0da88fd067be1e4f3fdc2e00d419e5571fa74b0e4a4af7d0a6ae4b14771f2b4a219c64addaed5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft .NET Core Runtime 6.0.9 - Windows Hosting Bundle.prq

Filesize
1KB

MD5
c13027a61ca610a51e6caf1d481c38a6

SHA1
aae80c76b723b0121004705cb15977306c9b0b43

SHA256
c2082e722fd9b184f33ba1f3762257f06aa2fad7feba28d169b4759f181e15f1

SHA512
e4ab836f3a32e7700da0a5905982a4c1bbad13902fd5382fe4ee1da29f6f0456363a79082aa6676ed8ba2fcf208b19d547106d9cf77d78242c3e1e7990a75b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft .NET Framework 4.8 Full.prq

Filesize
1KB

MD5
68e0a2bbc9fc3ea276a98a196a121700

SHA1
c6f28886f6749901ac0a1f6e8f019b23ba9b4d3b

SHA256
050c96f99f2038c65bb9e036912e6cdb6fcae840362e1693f9b09f6ec76ed9cf

SHA512
1ca225425ad2c8753d41035c332a4a3152107615a0fff348d4006610999920cf68ec5d5b30943882affc13b4ccf1ca46204761724f065eb8e452ef179db63e06

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft Edge WebView2 Runtime (x64).prq

Filesize
1KB

MD5
1bffee1f29bbffaaddf3f2c3bafcdfa4

SHA1
26bb1ff6a13088799c9898abd8e08539437da0d1

SHA256
73e5e0f3c4e95e8f4ecf3981a5f2ecc019f56f0b7b28fdc1262f878fd7632cca

SHA512
c00580d42fd05a20d440541ed2eb0219fe6c3626b061f441e55a783a4d1c31caed6892b0a486842faf8061671bdf375b41c4bebd0ad9253b505ea21503e2425e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft Edge WebView2 Runtime (x86).prq

Filesize
1KB

MD5
a8d54fbdf61058c3023ecd3dafa8c7d7

SHA1
c17216140d99035d32bb92693d0fdfea4094a3cc

SHA256
c031ff8826a0a60d272ab737c82ab66681eb9cbda169f573eac7b0ca8bb72dba

SHA512
2231b09a6c9e39481e397eb4957751a7d99a9bea29a9b4ac9ec6a12b25a6b3f1e737099b66f5bbe690ab2d3fffd17a9d3ca4252bf3c126f29fb69b4e43c50395

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft Visual C++ 2010 SP1 Redistributable Package (x64 - dla Windows 7 i nowszych).prq

Filesize
1KB

MD5
4bd876838fff417cc4164ce11085ed7f

SHA1
32e2f9a830ee75ed180371d46efa2d5c39209d4c

SHA256
4e9a8da246bb10deebf33eb59daa8302476fe533a7941b19ffb0872eec56c767

SHA512
4bab43e46181e0a2d0fad4f8a16fb9f779ba9a8c3d58aee72e8189741ad69c3f31d1d3bf3f574b29919cafbb43d1326734d1e882f596370d41b43986f4db4c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft Visual C++ 2010 SP1 Redistributable Package (x86 - dla Windows 7 i nowszych).prq

Filesize
1KB

MD5
3d408817c0d27236362209c02b6822c1

SHA1
908f059067228e8fd4b8913ac8779ff64483e578

SHA256
8ae442bb400bee9a8a796ce5212ec312dcc310170e04cdbecdf60ed5e7ee55cc

SHA512
8362a02c6688adccb916ab12441c2de5b2707d33557fbfc0127cfc3ab6a657b8b94c4dc35e8a65d590c5d158c86ab54c45c3d15dabdce5094562c106c7c60a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft Visual C++ 2015-2019 Redistributable Package (x64 - dla Windows 7 i nowszych).prq

Filesize
1KB

MD5
44e2474a34f98a8da9f943e6d2a18f78

SHA1
7929f4f4c422eac7dfe49962366b23216f453ee7

SHA256
28b4d37f46268a988485aeef3c0aa8268d68df495bde44b63f419997f3756f48

SHA512
6cbe8ca8665a4c7b15c309f0d3bbe2ef9a44af14ccb493ebdba22d6d5b723f0f69b262907237e0cb0d382ae7b99035b27d2551ea03d8dbef9ea8d697564d1d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Microsoft Visual C++ 2015-2019 Redistributable Package (x86 - dla Windows 7 i nowszych).prq

Filesize
1KB

MD5
15cc34925105f45516f01127f7d8c7ff

SHA1
8117cd308d48d398fdb8a3f9a870eacce6bd544a

SHA256
66e131a72aca7a4372fd46824fd3e7bb5b39509ba9b38165954685a9a26eee24

SHA512
b6baf90d0cd6f7cdf0374ef4307fc3c72d72068e035474520b812d5d6c266ad84be201cccfe4143b2efdad3da161084d47b242210be090262eb6b979e0271ab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Windows Installer 3.1 (x86).prq

Filesize
1KB

MD5
00ba1d21ed4422dcd63a8b5583d379f3

SHA1
7b41d2e4d5cbe0b7d73cd69c6a651a19c38e5abe

SHA256
e2620a4dd3ba69b294a7018937fdf5c3951161d4ffbea0a6a9a9e6367bc22b29

SHA512
189902e13f0c8dcb3ce4819f27a566c50fdf3641a6f7b27122bba96cfd47b2424aaec197f6524faa1e805b9352762096b16574bda8be7095cc2e38e94972a004

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Windows Installer 3.1 for Windows Server 2003 SP1 (x64).prq

Filesize
1KB

MD5
5c28ca116fb3211283b6504816106ea7

SHA1
47689a09eb12def4421faa358806b75f25df57a9

SHA256
894135be3be0a5d032914ddb15798688ba3483bea3c123d6de69e78239328f49

SHA512
8372332b41f5b24c1afeb730c41bef8b9e0a4e4d91df8e325d801854ea355207b38d1de0f1720aa39069a4b3bc846abac422272e5355ebf6c441918a36087206

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\Disk1\ISSetupPrerequisites\Windows Installer 3.1 for Windows XP (x64).prq

Filesize
1KB

MD5
86eb07bad3e63e1b967f6c6f04ca7432

SHA1
3bca6243d594160394bc3df617c58e8c857eb6e0

SHA256
a80c401ee3fdc648442bfc1343bdbc0d555528673d53e215cae41e1803c358b8

SHA512
25fcbd21e91796358b7c874bd61eed4f303850b05990e07b5dae915ce1371daf4a7af05b798882c8738b053524aaa2be7fe5f2b37800ae8c5b1357bb143798a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\nex-przegladarka-kosztorysow.exe

Filesize
944KB

MD5
8720848aca8b44e631ab3ac25b7787ff

SHA1
3571ca071f8e6f2e5afb5abc54d9005f12c0a9f0

SHA256
f2043f840cc91cc603190809929954cc88287752b6d58a9d381cd28f1747b1e8

SHA512
06854a0b9a0b688161d7a4d43809789a9aa2fb79e70a9c38fbb9bf7f6695445ff4d9cdc7bdc0047e43c5859cdb8edd81662c82bf3a275b33ec6eb35631ff6fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{90F41326-EAC4-499D-B0A4-9507C6EA05FC}\setup.ini

Filesize
4KB

MD5
5e0911e96fa3a07d1c3be35b73f6e8ec

SHA1
8700f1bc93efa02931419e02c5e92fd173df5116

SHA256
655039ead46ff0ae167938182c35683d1f6971e7a04181927680ed12d722149a

SHA512
6b9688415800668c131208c7590d0c5f31c68754e7b2cca053ac0e0a1a813ddce9807b837cc3abc7a70c01cc77fe2dad57fab85c2d003153aacab9604b4628e8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads