10d78fbad39545b9eb6b5d707159819beacf3d99148112212da374ae8bece49e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tm2008preview4_chs.exe
Size

9.7MB
MD5

79476fb402c3d18d8fc72d3a05199043
SHA1

5e250020a0eb137ab3d57d10f41701530693819a
SHA256

8ac96a7e8d8b79f2c5ccc29d0eafeb4fcb226d762137c3e44347bee30888985a
SHA512

c64fdb68d01adf88db74934cbf8edb836a618fe1799ca0f031a8c0d61af4e1498391d3205c97a7d4e35369d828de0adc461fc51f938dc3e96984574ab5de6c0d
SSDEEP

196608:s7lhVoA78gwnbRzd8lNwQR52FhrQjIQODD+50drumUYK1:s7lLoA78gq9zd8Pwc2FFOCdWz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1284	tm2008preview4_chs.exe
1284	tm2008preview4_chs.exe
1284	tm2008preview4_chs.exe
1284	tm2008preview4_chs.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\tm2008shortcut.ini	tm2008preview4_chs.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cfc	tm2008preview4_chs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cfc\ = "CFC.Package"	tm2008preview4_chs.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1284	tm2008preview4_chs.exe

C:\Users\Admin\AppData\Local\Temp\tm2008preview4_chs.exe
"C:\Users\Admin\AppData\Local\Temp\tm2008preview4_chs.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd3719.tmp\ioSpecialW.ini

Filesize
745B

MD5
4f29725f5cdc615827fdc67dc8a0f9ff

SHA1
95ace6d1a168b7c63dd630cb20e48ef8378c8236

SHA256
7d1d607ebd6b10f71f5767b905fdfb23a4cf430af3117cb419222da99d9031f0

SHA512
d664944315dfd293a3fdbb3c7318c5b642235d2cc02c0f2d91e878108d4f0469ec88ff1713975b016b24e878d8743a01e6c3c732f0a33578989ee6f407a9ad25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd3719.tmp\ioSpecialW.ini

Filesize
784B

MD5
d0908367dfcc8136d8c7d1db1837d4ea

SHA1
b86377164f358092e21f0cc07be964c8483a44b3

SHA256
0797174a523efe737ff22eccedcd95c0e09248f6d6f50219331d543647211274

SHA512
c97228147a33ad76fa1f3b78a3e1cb33927d4b0323a01e4898427ba03a61abdf86290998df5b13e164fccd47eaf77e157905a12e322f202e661fb42b8128e7e1

Download Submit
\Users\Admin\AppData\Local\Temp\nsd3719.tmp\InstallOptions.dll

Filesize
13KB

MD5
b4ae88873b8f735cce21f4f280b40e75

SHA1
32b2f6929645821adb3f63952de63805838f6172

SHA256
e8c6b3e917d708756e67fd709e5b78f333490be49532d85b1fa02cc844c7913f

SHA512
a109f3ba291e1d34b6c07d1e270c2d7f7c78a5e1e0fb1bb494779564f1608fe53d919d68a72a2b9aaaf0e23744fe16082a4e4833adf5a8edb499481ca5970ff8

Download Submit
\Users\Admin\AppData\Local\Temp\nsd3719.tmp\SysHelper.dll

Filesize
84KB

MD5
286aa9048a5b1292041de5673bcaa2c5

SHA1
875c3ef71a1c8af77a7875013d3383c123e4dd56

SHA256
0b7fc6452821d36d94b64366435efb0719161816640fb2a366ba749809cb6f7e

SHA512
8616647e673feb9deafd7329cef81496c198a215d01504cef8cb0d62c278ed4a584a09ad21bb8c93e6dcff77b2f3afa22d6968ae1c41c2a4ef74c495e210a66b

Download Submit
\Users\Admin\AppData\Local\Temp\nsd3719.tmp\SysVer.dll

Filesize
44KB

MD5
8d3e6a5c864c293f78721ab5168cc3b3

SHA1
a198b2857b38d931bfa11def2340181450b94aaa

SHA256
e17cbc42ef349ea63bb580fd5dac326f49969bb0d757334e0429362e8e5d6fbd

SHA512
a61aceeea173a577d4b30f089f7cfab4841036a06a0b1530041400e9378afb4c825f1a1370d263a382fc6655ed4ead062b68121131cfbc529c656969acfe96c9

Download Submit
\Users\Admin\AppData\Local\Temp\nsd3719.tmp\System.dll

Filesize
9KB

MD5
e085476805e8f5ef1c7ed635c5309017

SHA1
609e79fdc29d6dee40cc5dd333094db5f9f63eec

SHA256
4eb689e2db8d683afcfffe6dee1985fbd458d2770093547331d563acece80c67

SHA512
082932aea8d993de8ca1eeb60f7bb4e56cc7eab4a683c59822b2c544223febab5915bb2b7c2e2dad79472bbd8ad400770dd7c1f112cef24d18ebd0f1ad63fe9f

Download Submit