71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474

Analysis

max time kernel
114s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
Size

1.2MB
MD5

257e2d1def8119cf32305d0ae2248438
SHA1

0b66b76837f1e30621e6f58ccc508e7434e2ad21
SHA256

71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474
SHA512

68f70573882790806ebbf9d5b28dde4a097a3965afda675d61b7e87367d19b76878f22e6c05ee0a040b654f08b1f09483988e7b966a716b94d37ec678c953227
SSDEEP

24576:MN4PIMCCydKVsrotSJ1tyDENPkUCpNkN0e+rTnKpTfS0Zs89ak296g:8lwmKq8KtymPMk6eyTnKZfSlj0g

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4068	71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
4068	71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
"C:\Users\Admin\AppData\Local\Temp\71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe"
1⤵
- Loads dropped DLL
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsiD7.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiD7.tmp\ioSpecial.ini

Filesize
1KB

MD5
647bdafa7bd2cf8750af58f935c309d5

SHA1
5c7917906c8adcf58d6f6289d4e3bfbf34ee3b46

SHA256
408f823c814ac5746a92e7aebb3fb330a9c07470dbfa7f908291e8981f675b39

SHA512
07a215668fa097d42ba93acaae766950094ef690430dfe1d7dad0ee3a217ad150081f9726dc2d7252e3d8192a43e58ba4c49ec3b07f022b5f08f95dc01a9cf47

Download Submit