0b96d9af471c99a3672ca155220fc5cb453fc587ed69b68adc0d6d568af0a9d6

Resubmissions

16/06/2024, 18:21

240616-wzfn9avhrn 7

16/06/2024, 17:48

240616-wdm67s1alg 8

Analysis

max time kernel
1653s
max time network
1667s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MTS_Remoteplay-install-win64.exe
Size

140.1MB
MD5

bddf7baaf20b9f7dc584b47addfa77ae
SHA1

22e2e824aab479111f4815527ec466e6f1a525d8
SHA256

0b96d9af471c99a3672ca155220fc5cb453fc587ed69b68adc0d6d568af0a9d6
SHA512

a5c9be1425a809c23f80b45b8b10b76c95df7c27037b7d7ff3afabb0ad621f1067740bd820b93794580a988db570515f49b40889658f0f3a03b9c9a8d83996b5
SSDEEP

3145728:vIATPSb+p0c373VuIigW6SKAACRVGq/SEs4egGAQ3M2MdRc:RKb+0c38ZXfYD57jAQ3Mbm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3944	MTS_Remoteplay-install-win64.exe
3944	MTS_Remoteplay-install-win64.exe
3944	MTS_Remoteplay-install-win64.exe
3944	MTS_Remoteplay-install-win64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\MTS_Remoteplay-install-win64.exe
"C:\Users\Admin\AppData\Local\Temp\MTS_Remoteplay-install-win64.exe"
1⤵
- Loads dropped DLL
PID:3944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsl56FA.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl56FA.tmp\UserInfo.dll

Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl56FA.tmp\ioSpecial.ini

Filesize
1KB

MD5
250d8f9c6ed55b5bd95607d354a052d8

SHA1
24476b103622b4227e0d24b2408d86e0aba066db

SHA256
5180c4c74be6bcacca4d4ef19c6d6403e5d790cbdc9c1c9cbb426687054856e0

SHA512
742ed10757ca4a1845a91734fe0f26502e21dd49c3cd4cff6cf1fce053d7cf9c93979922caaf9beb2972d390fce3c140b8b7b4ee206bffa65471ef5c58dcae5d

Download Submit