e223f60ac7d4de97d15b02c451531144e95b2a2caabf73ef11a05863116eac54

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$0/uninstall.exe
Size

83KB
MD5

26d12a09fd0b7b3e32e93355a3a110af
SHA1

1e1e8772d579ae03fd6f35a7b95fe6fd384cf5a1
SHA256

82a1fe8e22e3e3ccb149d5bdcc8cbfec18d89dd9277b909e725faed309165487
SHA512

524df1ec0ad2980236601fa1abfd30451f4d3eac681ad50d12ad9b981f5c75ff7b0dab0541ad269edb5e4e653088635acb1522f1c2d8bd0816db0be11901aa56
SSDEEP

1536:WEkjY1zy214Qay0DGkJ7qAELVigJ83ZKRcpw/1q792sX7Ia12/DCJ:9kjAJ4dDGkJ+AI0vcuo1qRka0/s

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3640	Au_.exe

Loads dropped DLL 2 IoCs

pid	Process
3640	Au_.exe
3640	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral4/files/0x0007000000023269-3.dat	nsis_installer_1

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 3640	2112	uninstall.exe	91
PID 2112 wrote to memory of 3640	2112	uninstall.exe	91
PID 2112 wrote to memory of 3640	2112	uninstall.exe	91

C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$0\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsu1D29.tmp\InstallOptions.dll

Filesize
13KB

MD5
d765c492c21689e3d9d61634371fd861

SHA1
ac200933671ae52c9d5544d0e2e8e9144d286c83

SHA256
551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

SHA512
9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu1D29.tmp\System.dll

Filesize
10KB

MD5
fe24766ba314f620d57d0cf7339103c0

SHA1
8641545f03f03ff07485d6ec4d7b41cbb898c269

SHA256
802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

SHA512
60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu1D29.tmp\ioSpecial.ini

Filesize
619B

MD5
57e3fc8c783ec6736105fbd36bc2b692

SHA1
7fa753e57121a6b9810c904444e212a25c4cb3b5

SHA256
34e0300dc7c8fb6c2e9dd5b26b5c6ee44d742890cd6c5fed651b4f9c0d72172b

SHA512
7f2c0f49d7a462a19f87dba51299c7d78b0be60a35d7a0c0b4e8eb78bcc8912b4e05bb0fc0ae55e5d6856bcac3a5f198b7d54cc33e541834126491235a00cfb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
83KB

MD5
26d12a09fd0b7b3e32e93355a3a110af

SHA1
1e1e8772d579ae03fd6f35a7b95fe6fd384cf5a1

SHA256
82a1fe8e22e3e3ccb149d5bdcc8cbfec18d89dd9277b909e725faed309165487

SHA512
524df1ec0ad2980236601fa1abfd30451f4d3eac681ad50d12ad9b981f5c75ff7b0dab0541ad269edb5e4e653088635acb1522f1c2d8bd0816db0be11901aa56

Download Submit