8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:18

Target

8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe
Size

120KB
MD5

ed26d3fba2c4c7ded790c4ada6ec1f1d
SHA1

9904fb2922c2f8ffd48516b814cbcf63c5a37573
SHA256

8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b
SHA512

965075d9d9adeedba55fc46344c59319f8151794ad98a3b7b723673ba3bacae2247762c8b95829bfd0a869ebe47f88d5e261e1551b5c5cec8ce77bf345a8ddd3
SSDEEP

3072:Ifi3k+oWDBDh1dujaBZ98v16tx2uuq70+n6XmGPmmO:IfL+oqAahuB+OmGPmmO

Score

4^/10

Executes dropped EXE 1 IoCs

Processes:

Un.exe

pid process

2284 Un.exe
Loads dropped DLL 3 IoCs

Processes:

8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exeUn.exe

pid process

1692 8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe
2284 Un.exe
2284 Un.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Un.exe

pid process

2284 Un.exe

pid	process
2284	Un.exe

pid	process
1692	8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe
2284	Un.exe
2284	Un.exe

pid	process
2284	Un.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe

description	pid	process	target process
PID 1692 wrote to memory of 2284	1692	8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe	Un.exe
PID 1692 wrote to memory of 2284	1692	8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe	Un.exe
PID 1692 wrote to memory of 2284	1692	8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe	Un.exe
PID 1692 wrote to memory of 2284	1692	8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b.exe	Un.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nso24C1.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
\Users\Admin\AppData\Local\Temp\nso24C1.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe

Filesize
120KB

MD5
ed26d3fba2c4c7ded790c4ada6ec1f1d

SHA1
9904fb2922c2f8ffd48516b814cbcf63c5a37573

SHA256
8f02832d587e496705b28788f60bd412c5b885e0ef477e377d3d4d2cecafa21b

SHA512
965075d9d9adeedba55fc46344c59319f8151794ad98a3b7b723673ba3bacae2247762c8b95829bfd0a869ebe47f88d5e261e1551b5c5cec8ce77bf345a8ddd3

Download Submit