f2402c9091301362f4373772f43a917926f018b11c2528f906fb65a686f208f5

Analysis

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
08/06/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spin3d.exe
Size

1.1MB
MD5

63b9c30a09149de7ff633a4a2a18b715
SHA1

9a881b080d68539e5a80e49443028d2be01288d7
SHA256

f2402c9091301362f4373772f43a917926f018b11c2528f906fb65a686f208f5
SHA512

76d5cc1b082e2428e7b9cbc0a3bf0ef0840a4c60ce133a9d950e2b83038b091364893c5baeebe4e81f338d0a411eba58279661ed5e568f1d7e575013550dd5a7
SSDEEP

24576:nr6qh5TZtmp3ocu0IHxQGUYrPliBYF6tfpAIQfXSXNwcZ:rnzTmA+Yb+YMXArfSqU

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Spin3DInstall = "C:\\Users\\Admin\\AppData\\Local\\Temp\\spin3d.exe"	nchsetup.exe

Executes dropped EXE 1 IoCs

pid	Process
2808	nchsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 2808	1216	spin3d.exe	77
PID 1216 wrote to memory of 2808	1216	spin3d.exe	77
PID 1216 wrote to memory of 2808	1216	spin3d.exe	77

C:\Users\Admin\AppData\Local\Temp\spin3d.exe
"C:\Users\Admin\AppData\Local\Temp\spin3d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe" -installer "C:\Users\Admin\AppData\Local\Temp\spin3d.exe" -instdata "C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat"
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
1.8MB

MD5
34dea0830f87ef51c0011e297de00384

SHA1
6d1d42419863eb571565f912be26d2b27d55a013

SHA256
b25dcd24e73c09e204c0c8e9a7ac4e094a4a6378db7af6ba38a5038b1a435bb7

SHA512
c08e1dcc28c0a0e79c850fbe3ba565b203080aa6de661af622aa3bca641804f700354c66d2751609fff7e92195bba876213d8d37c1cbebbeacaca5dc4d1cc1d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads