cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe
Size

321KB
MD5

e5812b98cab107a220a850b01c37cc8b
SHA1

1d6f2064bcdeb3deca0d47fa89b5d2d9a9d26db9
SHA256

cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044
SHA512

21d073397675246b06e863391a93d45ea2aed990bba6e6a57fafd1be5a9d2db8c9b28ebb62a6ae453858575f5181b13bc6701588e646c3b176257ba312578484
SSDEEP

6144:mNeZi2X8nOqyURK/phDHCEZkxjUx0IoByEuXZfnaLX3KTh:mNj2X8OqyUR+hDHtZOE12yJX3Th

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4428	Un_A.exe

Loads dropped DLL 3 IoCs

pid	Process
4428	Un_A.exe
4428	Un_A.exe
4428	Un_A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 4428	1964	cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe	91
PID 1964 wrote to memory of 4428	1964	cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe	91
PID 1964 wrote to memory of 4428	1964	cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe	91

C:\Users\Admin\AppData\Local\Temp\cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe
"C:\Users\Admin\AppData\Local\Temp\cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa2D65.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa2D65.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa2D65.tmp\ioSpecial.ini

Filesize
784B

MD5
2f0704477e34bb9e8e2254136d38311f

SHA1
b50717523441d50da060ad4f7a03dd18eb4cb2a3

SHA256
0f78d7c6e43af3c6aa3e38cc5dc1cce3b509e88ebe7d008910f20613b2765726

SHA512
bdce729f51bc6e49098f2102a8df93ec97f5be7cbb736aae1b5f883e405359be85a5d5cf7b4e47c38928693d4a4cf57572da15cb01680da131299f29bfa6b0cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa2D65.tmp\ioSpecial.ini

Filesize
1KB

MD5
698e6102e69f9110adf45e7dc6b25c50

SHA1
7d4de4b476179d9189c9a73272404e2a2d03adf3

SHA256
fb0d459b0feb372c030ea779b74dc76fc5ccc502d1083930bab0b5734450d69c

SHA512
534e48d68202d89979547fc0b8d567b51868508659616efe6e1133ea80e6c2bfe6ebe6058ac96ca23e25c7c00489d07200e322d77bf1821116be6cbb63e044a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
321KB

MD5
e5812b98cab107a220a850b01c37cc8b

SHA1
1d6f2064bcdeb3deca0d47fa89b5d2d9a9d26db9

SHA256
cfbfec93fee9a4bd5c55fb2a52f11eb2f689b2fe46caee0d3103f0a07cf3b044

SHA512
21d073397675246b06e863391a93d45ea2aed990bba6e6a57fafd1be5a9d2db8c9b28ebb62a6ae453858575f5181b13bc6701588e646c3b176257ba312578484

Download Submit