68ee76d5d16b0e75d3b3e4421a86a948300e3bc1748c504a9a277794b18c3ea9

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
Size

169KB
MD5

7358495b9e5519e566d5eb146c18d628
SHA1

58a185a85da2952455f18a33a80ce4cb7beb6e24
SHA256

68ee76d5d16b0e75d3b3e4421a86a948300e3bc1748c504a9a277794b18c3ea9
SHA512

30ad1365032fbfe864cef3b72fa126f53f76318bbac6ac593c2006ca3f7d3b65eb6fb2e9283c35373389ea8da3b46611d84f5874d396ced560bb8c214207e8b2
SSDEEP

3072:rNzPHk9Mpch3ZpXxJaXG0agJM56sBhLsnn:rhRW3zhJaXGdwe5Ban

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 37 IoCs

pid	Process
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
1892	2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe

C:\Users\Admin\AppData\Local\Temp\2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe
"C:\Users\Admin\AppData\Local\Temp\2A2D1CB4-1C81-4BB7-8128-6EF91845C89E.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy4E80.tmp\INetC.dll

Filesize
21KB

MD5
92ec4dd8c0ddd8c4305ae1684ab65fb0

SHA1
d850013d582a62e502942f0dd282cc0c29c4310e

SHA256
5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

SHA512
581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4E80.tmp\blowfish.dll

Filesize
22KB

MD5
5afd4a9b7e69e7c6e312b2ce4040394a

SHA1
fbd07adb3f02f866dc3a327a86b0f319d4a94502

SHA256
053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae

SHA512
f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4E80.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit