e2cadb0766cf2fc20a527c917f4475388ef3fbd73b8e0c6d071b695afbb1dba3

Resubmissions

04-07-2024 17:22

240704-vxyavazeql 10

04-07-2024 17:19

240704-vv7rhazenr 10

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe
Size

3.6MB
MD5

58b00f133ec3b7efa68faf94233d594e
SHA1

b4d6b9e52f3da97420e8ce576a741156b34d540c
SHA256

1657edd67f181f75fe6a5f29c2cbdb7a617a8cb0e30b16ca2ed5bff7c7e22e0f
SHA512

2ebc0af6e7858eeccd33e78193cdaf3bab173b8e5f29ce975ce4f25baafe23d0b0de561bfdbfa330f590935eaedc2aa5dadbd66dbe2df82b0f945352e0d4150d
SSDEEP

98304:QmsibDMe6xxPjY/3zLiVOgyZbfMVjOuF5wdxo:QmDELPjY/0CfGjBGU

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1720	[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1720	[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe

C:\Users\Admin\AppData\Local\Temp\[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe
"C:\Users\Admin\AppData\Local\Temp\[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd3719.tmp\ioSpecial.ini

Filesize
531B

MD5
f39b4de1ad6dcd00e1690cadf936c5fb

SHA1
dab9ca800e418fe7ebd15478c7d9b5ca352d60e1

SHA256
b962698650bf5bc3e7f07347ad33a36531331f61888bf95f75ee97112552e98f

SHA512
5eb07f33dd2e25dbb6460c2bc8ad448c7c58f4a7583d82228610618ea4631cb7aa9fb8a6e006050df78808b0d5245a68297d96f9bafc3b5be8e43818e05a33f7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd3719.tmp\InstallOptions.dll

Filesize
14KB

MD5
ec48a8204e1aed3d9a951cd92158cbe3

SHA1
0db29522e15448553b697b88b31a3d8392efd933

SHA256
3166399ed2ee296749aa412a4ec70807373b6349e9b94a7fcd97c3418f744f0f

SHA512
9b0ab63fbe4bf89ddf93e5fc6922cc95c0586e21dea945ce04065afd7957bd2472e34c909d356123346f62dee4c6d6077a0072810c91b61ad3df4c168cdb79d5

Download Submit