b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wireshark-4.2.4-x64.exe
Size

82.5MB
MD5

c38012af36b2f24cf15f971e62e08d87
SHA1

caa0849461201937fa995afc5d2b80986c506891
SHA256

b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492
SHA512

84f1da60f8f974ccc24bbf054a40d6380865707d51401a70a19bc2d5e8a271fd68abce1b5fd14fd339cee57729e908e0aec70d7f5fb3046b03b183da4b233784
SSDEEP

1572864:qgwkqSnN5BNMnT8RjmZq2j+efj6e1u4lQ2D9jdd840ownGiwDNPjPrnrLYA:qgVqSbBinu6q2j+ixu4lQU8XhwD5PJ

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1808	Wireshark-4.2.4-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Wireshark-4.2.4-x64.exe
"C:\Users\Admin\AppData\Local\Temp\Wireshark-4.2.4-x64.exe"
1⤵
- Loads dropped DLL
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsdBC3F.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit