Resubmissions

12-06-2024 18:38

240612-w98g1syhkk 7

12-06-2024 18:29

240612-w46fgayfjn 7

Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-06-2024 18:29

General

  • Target

    9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202.exe

  • Size

    12.2MB

  • MD5

    e4acf0e303e9f1371f029e013f902262

  • SHA1

    180f686f2afe1ad0ac6f3498e70af910fcbce620

  • SHA256

    9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202

  • SHA512

    fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc

  • SSDEEP

    393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202.exe
    "C:\Users\Admin\AppData\Local\Temp\9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2580
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2736,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:8
    1⤵
      PID:3672

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nshD6BB.tmp\System.dll

      Filesize

      12KB

      MD5

      4add245d4ba34b04f213409bfe504c07

      SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

      SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

      SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • C:\Users\Admin\AppData\Local\Temp\nshD6BB.tmp\UAC.dll

      Filesize

      14KB

      MD5

      adb29e6b186daa765dc750128649b63d

      SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

      SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

      SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • C:\Users\Admin\AppData\Local\Temp\nshD6BB.tmp\UserInfo.dll

      Filesize

      4KB

      MD5

      d458b8251443536e4a334147e0170e95

      SHA1

      ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

      SHA256

      4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

      SHA512

      6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1