e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240708-en
resource tags

arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 12:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe
Size

1.4MB
MD5

48e988d24561eea47026be896013cf5d
SHA1

cf3658eb88e6fe386d726d5b7ab753983e04abe4
SHA256

e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc
SHA512

c750e90dd5f3a1ab10a630954cb4736b03b12e9e24a366acda2e483ce0cb15b5be61511b6cd12eb4522e5a2a7a6bab435e64c65949d5a4e1f66945a21a17485a
SSDEEP

24576:nzksO8DYztg9TtfsLX6LJNFq/VzsEgzMC2Qt53VLxOCFUBow1B12ZzsaeR:ZDj+8JNwdgEE5T3xkxoOYZzI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4940	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe

Loads dropped DLL 4 IoCs

pid	Process
4704	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe
4940	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe
4940	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe
4940	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4940	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 4940	4704	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe	84
PID 4704 wrote to memory of 4940	4704	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe	84
PID 4704 wrote to memory of 4940	4704	e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe	84

C:\Users\Admin\AppData\Local\Temp\e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe
"C:\Users\Admin\AppData\Local\Temp\e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Users\Admin\AppData\Local\Temp\DependTopPrinting\e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe
  "C:\Users\Admin\AppData\Local\Temp\DependTopPrinting\e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe" /UnInstall C:\Users\Admin\AppData\Local\Temp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DependTopPrinting\e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc.exe

Filesize
1.4MB

MD5
48e988d24561eea47026be896013cf5d

SHA1
cf3658eb88e6fe386d726d5b7ab753983e04abe4

SHA256
e23bd6515ebba5d26902ee6822eda831269e668c26a20bad33447965e65a27dc

SHA512
c750e90dd5f3a1ab10a630954cb4736b03b12e9e24a366acda2e483ce0cb15b5be61511b6cd12eb4522e5a2a7a6bab435e64c65949d5a4e1f66945a21a17485a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE0DB.tmp\nsSkinEngine.dll

Filesize
646KB

MD5
a36e3a886375a1c1473d77a1f37d24e1

SHA1
8ba667e1ec2de2ed19919953f433a7b99e3bc413

SHA256
21acb9006b8106ef01e5dcbc6d731317414b8a4649d077714860821bf4af8927

SHA512
608932a7f269b0967d66714a8d4b9e2b038200caf5cce8ad6e555f8bdd2a09af93dc57aefcfdc5fe38e76526b6c0a1b185ccd604e5f86695e78299044f9b93c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE0DB.tmp\nsUtils.dll

Filesize
166KB

MD5
f94ced0f40a82f6828e498377230f041

SHA1
bc926b0a2344a82ee6262bfbfe12c54eca6db31a

SHA256
7339d2fdfc5d9fa055c8b932c708104a7bf055154062107d51e55da412a49d7e

SHA512
31ae5ed3886be569ad9daa1df958228a11d147b09a9f6bfa4193ab13f8be619dc03c46bcaa6e7d5df2f7d9594b55eb7287f43f48d4ef5d03c1648f126c23f631

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfE010.tmp\System.dll

Filesize
11KB

MD5
553d576d77585b9e3a2819256694e81f

SHA1
9cbbfeff076d3edc1385be5d8972a3faf0022546

SHA256
96975506cfa9563dbdf01e03e8c4450b0ba085d04b204c7ffc372687e426bfc4

SHA512
f678d4af21f420df8b845d67bf00982e0a3126904da6467a61b604394fa9a641e1bfcbe73c9ebe9f9e49870ee116e5bdaccd245577a8c328af6047c00c3859b7

Download Submit