71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
Size

1.2MB
MD5

257e2d1def8119cf32305d0ae2248438
SHA1

0b66b76837f1e30621e6f58ccc508e7434e2ad21
SHA256

71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474
SHA512

68f70573882790806ebbf9d5b28dde4a097a3965afda675d61b7e87367d19b76878f22e6c05ee0a040b654f08b1f09483988e7b966a716b94d37ec678c953227
SSDEEP

24576:MN4PIMCCydKVsrotSJ1tyDENPkUCpNkN0e+rTnKpTfS0Zs89ak296g:8lwmKq8KtymPMk6eyTnKZfSlj0g

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2208	71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
2208	71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2208	71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe

C:\Users\Admin\AppData\Local\Temp\71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
"C:\Users\Admin\AppData\Local\Temp\71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi29CF.tmp\ioSpecial.ini

Filesize
1KB

MD5
0f231777718c299d9ffa6faeaaaea0e9

SHA1
5589f7b9338836885df586ff7707671dd4f34861

SHA256
b758773d97447ecd22872b02f453f37b435a45f9f7291d81860dc240e667b137

SHA512
2809d15ee54626f0420013f884c52b673f44746790e8d48b306e25bb57e77ce686316372045ab933f43c311b45704c55358f64ef1c243b9e97ae3ac8c78ca192

Download Submit
\Users\Admin\AppData\Local\Temp\nsi29CF.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit