f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07-06-2024 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe
Size

8.3MB
MD5

3aed62680dcb29125d1470ecf2f0cc06
SHA1

67a49fb3a2c50c1de0f163291de5076dac4be974
SHA256

f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb
SHA512

217c0430f11e3bdd3db73b06cb636857dd313e53c8bfee8367b25a9b1043491ce7812602f0c92d97e0b740555ad05e619d852da48f5c95d52fa66fadf7c1475e
SSDEEP

196608:4AMFrGBQG8VZYBZXV4vS/ztfAT1WSger292uaarZMPHpi9xx:4AMuQGeZYB8vS7tfAqqzwMP4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Un_A.exe

pid process

1520 Un_A.exe

pid	process
1520	Un_A.exe

Loads dropped DLL 15 IoCs

Processes:

f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exeUn_A.exe

pid	process
2820	f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe
1520	Un_A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

Un_A.exe

pid process

1520 Un_A.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Un_A.exe

pid process

1520 Un_A.exe

pid	process
1520	Un_A.exe

pid	process
1520	Un_A.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe

description	pid	process	target process
PID 2820 wrote to memory of 1520	2820	f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe	Un_A.exe
PID 2820 wrote to memory of 1520	2820	f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe	Un_A.exe
PID 2820 wrote to memory of 1520	2820	f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe	Un_A.exe
PID 2820 wrote to memory of 1520	2820	f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe	Un_A.exe

C:\Users\Admin\AppData\Local\Temp\f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe
"C:\Users\Admin\AppData\Local\Temp\f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2820

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy85B.tmp\nsQtPlugin.dll

Filesize
311KB

MD5
99d9e0fa8040828a75e924d7868c4154

SHA1
41ef503eb02e139dafd9c50218a132f7b04327cc

SHA256
791de6c3ac6b9fca5118e7528f70b85161c86c3f393de4555b7a1489eda0f1ba

SHA512
04b496384d4bcd7ebb33aa72ca517d91a8ba02adc5d0bda587585d772a1b27df639455d3b8c8cc4b2029b6a19192ec9e465ab29d9589de82394df9cc423deabb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\Qt5Core.dll

Filesize
4.9MB

MD5
9883f722350a66f4cdb3c43a990707b4

SHA1
cd05074ca8cf2ff4e39c4ecc8a88894ed9b9b169

SHA256
366f2c1abc8cd42a956f9747370d94bc48c7b78c362a99634ff01acab7b6c866

SHA512
c62925b3b51608e7c1ce5e782a2ee5779fda3a99c7cefcd3ea65f1fbf114e3869d37c580848db151d7d774da0d8b6ec3dacfd2949a27bcede4f5b14a51bcac4a

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\Qt5Gui.dll

Filesize
5.1MB

MD5
9af8844d2e5fa1b78ca5d5717750bf8e

SHA1
69768b6a935ad6aacf07576a3a34bb84464953f2

SHA256
7923ffadf87460d0ec4bfb55c1440657128d983d3f8b0577fb4eda5d504db1c6

SHA512
b2141fed59308a8ae46e0b820ce14a591777fc84a6dbbfd908f34445a1d34b62e3cb4c0ee1dfd500d18bd490337be84830926cd4a8a78959b5186a2703d942d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\Qt5Network.dll

Filesize
1.0MB

MD5
f695b4ec06c6d164e71742dc52cf45bd

SHA1
91dad1f5e88e0acee59b06ae861d6231656f3b91

SHA256
672b9e404d20c94c137172deaffdbbb9be6b9922e10f6fc7f2d8d1d13d8a7ddd

SHA512
347a89435db11b92ed530ebb5fde97ca0fa70da5af33cf0a8687679a777ac8e6d19761a1085618b0f54804fff0c4b4c66cd20eae31a9544a9262db1f846b9028

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\Qt5Widgets.dll

Filesize
4.3MB

MD5
0437c572b8692fe4d9ab3227b935f6d0

SHA1
91a586716b48f790521fc40c3b0b80c0dd16f5d0

SHA256
4ce775b049018e12196fd710c6b5d390562fedcfb283433628a3f1079574b7c1

SHA512
cf5fd292455c57a6e92f0f98da526c1d911a1ee54cae2dec45fa75d1bd09490cde95933a26778c1ce45f0f59a54701ec0dd12e7b7867c30bdf37fc48784107fc

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\imageformats\qgif.dll

Filesize
30KB

MD5
ad90539a0cc5bea4ce30ccf45b22be95

SHA1
ef7c968e399f30b34da6a49adea6a891c8449d32

SHA256
2bfeabb11ce7f48b062c1044c54eb117408517c0e0c09641ea682bb3b35728ad

SHA512
cd5e564c72bc1ccbf642b437b85ef1760e692e178b6c5e40bf183fb3decfa3cd59c97bfa7ed620715837c33b2128493b5c7b07f48e6f6e83cdb3bd6675af9979

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\imageformats\qicns.dll

Filesize
39KB

MD5
6e9ea212ede912e5adea6a724c942241

SHA1
2c3a3670fb1a443950e8c8aa1c4a6f80bd4b04d4

SHA256
02725fa085c4efeb9a380662a51e81c2483aada0b8632842b484cdd4f6066f75

SHA512
384308b876f149117895ecf98ed8df11c2ce1794301be60630b2a844c30e38eadca78823a50fc9a2dd5d1e79d17311bae213f0454270143e5a20ddd8b5e696d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\imageformats\qico.dll

Filesize
30KB

MD5
10c535fcfca304afb59a8c491349426f

SHA1
7a53485cde15e7212814a49b1e8f84d90fc9573a

SHA256
a4a9d2dbb549b62c615e514d4aad75298e8342ab90b7f30ae163f064654a1299

SHA512
6c4fb8592a1f3cb6dbba02a23787d8d782aaf9c227db141aa846e908dccb0b584cd32d6daa0f8dbe12a6803eaf41b8e36c33a558461006d52abe512f51420bde

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\imageformats\qjpeg.dll

Filesize
361KB

MD5
a411567f64e267460df090d795a8bb32

SHA1
f3762d6a199aac2824f418914069b5cff5914e05

SHA256
80e1b62b936b10cfae9610796b9e160615c0deffa82f0f8f27c2212baae9d7b8

SHA512
e123a351144f6ebcabaa89a7ee5c26b84b6938daa99a6e80e25cd2d65b955456d0cf7631f22ea3badbac21bcc58711e9588f3d4b4034305fe41faada318bf5c9

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\imageformats\qsvg.dll

Filesize
26KB

MD5
ca2ea003c6fb8ee2b3f059dcd9338012

SHA1
7ad2a5bdba61f432d5a5cc655d6834a91e6fc2f3

SHA256
87905c987b8e6301d50ff691482c6cc262d0c96973a38e2d8a294cd720b37b4d

SHA512
6cc54d7e8308ddd5ed2c4eef113bacf87425e8cf6143466614549e25431b880eed663afae671eefa21eec2ef78635dd64e57df971bcaebf8ae33752815bcf249

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\msvcp140.dll

Filesize
439KB

MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\platforms\qwindows.dll

Filesize
1.2MB

MD5
c41b9d665cbfff0d51aeeb84b70dc978

SHA1
d95892dd39c8ab2d11ac4329233a1fe1e71dc479

SHA256
441b8371df3411361131e9ea2db0a091d26d699636932e695afb67f8adaac77b

SHA512
c89ab6e0710abe5c32a0471ff3b08538be0a9c6ed50833b82d12ebb19124a94161fb1748969ca5fe0d8aace10ff499b3317db9b07bdba370a9b0bf5707f6b7c1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\styles\qwindowsvistastyle.dll

Filesize
125KB

MD5
4e611fb1077bfa73f24cc11fc9c9c871

SHA1
8e68093fd3d585b668705b9de21d9be104ae241f

SHA256
8ca284c960d744f35f8af783af791fd1ecfe02965e342b4c3220ee3d162ae3d0

SHA512
94e0083ef999908a5a624eedaef8ce24ebcee09abd1c38ae517747ef617d3ed4207d3ea0b1df47f1379caed5d7d397303f6e81ab24466724bf6273979ed85f09

Download Submit
\Users\Admin\AppData\Local\Temp\nsy85B.tmp\vcruntime140.dll

Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
8.3MB

MD5
3aed62680dcb29125d1470ecf2f0cc06

SHA1
67a49fb3a2c50c1de0f163291de5076dac4be974

SHA256
f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb

SHA512
217c0430f11e3bdd3db73b06cb636857dd313e53c8bfee8367b25a9b1043491ce7812602f0c92d97e0b740555ad05e619d852da48f5c95d52fa66fadf7c1475e

Download Submit
memory/1520-75-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download
memory/1520-74-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download
memory/1520-76-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download
memory/1520-77-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download