4a30c7c2b8842490e34f45df81313a4b1deb53f9e1fcb75e1e5c46e2d726af84

Analysis

max time kernel
1797s
max time network
1799s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 18:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

237KB
MD5

0a9ee8f50ef336b422521e133f6cc751
SHA1

efd4e7cf8ba60eba1d3302675be6c1fa659638e7
SHA256

4a135f60a5193f543d452c9d01e98546c44680e7bdf6c043e8837b1dfeae3875
SHA512

67b69f19ec4e8bdc751bb5d4df4b5559491b28856b334a1a5b64c90fcdc4d5a7e0a76a6bee4593ddbff9ebea193107f195b812242a1c1be641bc4b6b92962190
SSDEEP

6144:IHpndYGCwABknMJ0e9OPEZOZVJyB60OHyLC7vh:IHpehi6OHc2HywZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3624	windirstat1_1_2_setup.exe

Loads dropped DLL 2 IoCs

pid	Process
3624	windirstat1_1_2_setup.exe
3624	windirstat1_1_2_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral3/files/0x000900000001e92c-1.dat	nsis_installer_1

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
PID:4520
- C:\Users\Public\Downloads\windirstat1_1_2_setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsq54AA.tmp\System.dll

Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
C:\Users\Public\Downloads\windirstat1_1_2_setup.exe

Filesize
630KB

MD5
3abf1c149873e25d4e266225fbf37cbf

SHA1
6fa92dd2ca691c11dfbfc0a239e34369897a7fab

SHA256
370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd

SHA512
b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e

Download Submit
memory/4520-39-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-46-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-18-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-19-0x0000024BED060000-0x0000024BED065000-memory.dmp

Filesize
20KB

Download
memory/4520-21-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-20-0x00007FF86AD30000-0x00007FF86AE8E000-memory.dmp

Filesize
1.4MB

Download
memory/4520-24-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-26-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-27-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-29-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-31-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-34-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-36-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-37-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-14-0x00007FF86AD30000-0x00007FF86AE8E000-memory.dmp

Filesize
1.4MB

Download
memory/4520-41-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-17-0x0000024BEA1F0000-0x0000024BEA23C000-memory.dmp

Filesize
304KB

Download
memory/4520-47-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-44-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-49-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-50-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-52-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-55-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-57-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-60-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-62-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-64-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-65-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-67-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-70-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-72-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-73-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download
memory/4520-75-0x00007FF86A950000-0x00007FF86A9DD000-memory.dmp

Filesize
564KB

Download