1234fca475092501d14959a1150d53c1817759cfb3960376640065467590cd66

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 07:38

Target

$PLUGINSDIR/$_354_/ProxyInstaller.exe
Size

77KB
MD5

0a04346dd845d2da2fd7495e79d1fd29
SHA1

73d70293b36f53177d2af86b92696209411a620f
SHA256

38a547d439ba02165e6c8eebda518bd8389f7f5a466dd5932db07bf6a3255699
SHA512

71f1dd266293781122a942be0a069e212215d619af35682e7b3b9d16dcd005d698740cdc6df07fef0041ccae5b9bf11511c59ff884cca02426a20ca2f3c61e65
SSDEEP

1536:9VdePelp2Xy+tuQOzOYE5aXPnYF8suJ0mvlOX5C8e7ixoB:mweqOYEUXPnlJBj8eGqB

Score

7^/10

Loads dropped DLL 2 IoCs

Processes:

ProxyInstaller.exe

pid process

2676 ProxyInstaller.exe
2676 ProxyInstaller.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2676	ProxyInstaller.exe
2676	ProxyInstaller.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\$_354_\ProxyInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\$_354_\ProxyInstaller.exe"
1⤵
- Loads dropped DLL
PID:2676

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

\Users\Admin\AppData\Local\Temp\nsy321A.tmp\System.dll
Filesize
17KB

MD5
a4f38d1c7a480f5da1bb8097b8b939db

SHA1
b3129c2a0e61881381463f5e0cbbffa573daa845

SHA256
e1180e1e3344c7536150275e33de53dc1dd1a3ca03be66c4d4875fe5bcd4e436

SHA512
fed89f7ee9364fc2f4b9f82c4563713497043947e98dbb03e7d755681adf3ae661aba80d08e59988a23695fc64481b69d9842b7ec7d2b572cc872c4c9957febc

Download Submit