f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/BI.exe
Size

83KB
MD5

0c5a26a60bda315abe34b46d79a34cb5
SHA1

fc1188b5f136fab9909eee42d4528ae3e6357916
SHA256

70143201f13ce305ae958ada21aa6a03ba58035e1b6eead330c70f716f938663
SHA512

15f3b932375244d2bf61128ebbb47439a9c25bc1d7b0dc52acfe7e128064e7de641a47535d4a90724f8fc321b122d526c4d36b9602782a41d0a15041a6dafd13
SSDEEP

1536:HGarUa6LowvuhdNYh2Gf9rg6hzGPnZ91SQ5hlbIn+s980xyjT8PZZC:d5BuYAVrgUCPnZt5Q+sKjkZZC

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1764	BI.exe
1764	BI.exe
1764	BI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BI.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BI.exe"
1⤵
- Loads dropped DLL
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd1A74.tmp\inetc.dll

Filesize
29KB

MD5
69f10f991b3eb6fda3fd4813be4fc87d

SHA1
2583ffa11b89f907b80b78614ba27f0a911d5aab

SHA256
9855aaa371f7f27796b2bdd3d935a8dbd52dada91309af0d537ed8f5b7a583ae

SHA512
1ee8e44a569a0dd8668bf6d54bd2efec8ea09424668409d8f216ad37cc40c60d2ebc411960ba63c60d81fd4bd719a507a7678241aa2f3b51c77a155f5f7d6c0d

Download Submit