d19dfbc9111f9fb17180f4b952ee2ae1326794e2f3872e11bcc22e20844daf6f

Analysis

max time kernel
137s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lspdfr_049_8757_3179_setup.exe
Size

64.4MB
MD5

ec3d810f1eccc4da2c4fa010a9121f86
SHA1

3858275379fd71694c09373685f338a367f47b66
SHA256

d19dfbc9111f9fb17180f4b952ee2ae1326794e2f3872e11bcc22e20844daf6f
SHA512

a054bba3ec1067eb8619e5ad84eadb58de044237d8967a00fe5e7c8dffad1222e574987f6af96499c6f11a0a220b22e60b31433106ea662b907d8643289d0a60
SSDEEP

1572864:3HsUkR4K/mnruM6U/pRO5HY+PH+TpSGSzc7gVre8VJYYE:3Md2wmqkO5v8O4gte8vlE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4000	lspdfr_049_8757_3179_setup.exe
4000	lspdfr_049_8757_3179_setup.exe
4000	lspdfr_049_8757_3179_setup.exe
4000	lspdfr_049_8757_3179_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\lspdfr_049_8757_3179_setup.exe
"C:\Users\Admin\AppData\Local\Temp\lspdfr_049_8757_3179_setup.exe"
1⤵
- Loads dropped DLL
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5176 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\UserInfo.dll

Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\ioSpecial.ini

Filesize
1KB

MD5
148a7dd95664efcadd5b4d04e166abc7

SHA1
c46b03fc32422c8740ef35817ce4b8ff245cfeae

SHA256
5c30d1a1114524511d4c694617c58399dabf3ca5f3900968834ae7f71b1ecf50

SHA512
a1f893b34f95e18bfe65695fa2b37e48554cf92395ee1ebc3ed7c13060b25722dbd6232a05144c2579e1f0a3e09d6fb56abf70c4d8bba60c48e48d5ca26a70be

Download Submit