b6073a335b57ff3ba40ee7c74c5b429d135202cbbddd9c04564e542951049a8b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lkmn720.exe
Size

3.6MB
MD5

404ece6a558287207db9c7cc0b520327
SHA1

d105136321f80f70487b8bf4b35f6e88e13b4588
SHA256

20ec52540eadb58fc60e259eda7407de404e748139eb6f3a72e39e7c87bae797
SHA512

887ff6e58cdf4a81d5623d06da67394682fa859280bf78ede580d62ed58ae247240167b5bb1b8f8bcacd4084fa1b92fbae680a128b511a849caef73fd9b71fbc
SSDEEP

98304:dTfBWiLtQTvoVtNv4oRVfT0Qv3/z0GBOfo+n1sfj4wzpkM:drwiL+IRtVfT0gwGBYn1sfjrdkM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1700	lkmn720.exe
1700	lkmn720.exe
1700	lkmn720.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1700	lkmn720.exe
1700	lkmn720.exe
1700	lkmn720.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1700	lkmn720.exe

C:\Users\Admin\AppData\Local\Temp\lkmn720.exe
"C:\Users\Admin\AppData\Local\Temp\lkmn720.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstCA53.tmp\ioSpecial.ini

Filesize
534B

MD5
a99308c114cfec0b0ccbff12ad7c9591

SHA1
57e320852d5bfc2e04e96c2ac67958bd029d006d

SHA256
68bb9a500cd7e63887860ea41c5a55c358662cece3c1a7894bd17845c00fdd5a

SHA512
7a706f06c137b753d2f62256574112d028b38c5ad85fa5c1a7ead0aaf95d3fe46d38b2eb4a65e364469db100eb35bc487e129f444da589180da957dba7639f79

Download Submit
\Users\Admin\AppData\Local\Temp\nstCA53.tmp\AdvSplash.dll

Filesize
6KB

MD5
820a1351ad064f75154b4f768b4d6fa4

SHA1
00d47f11f88be17fa7c94cbf70e72c7f3b257dde

SHA256
36e50c5f900e498b38bb42ea4b7cb14e5cb433807669e56e8c78d9921cf61270

SHA512
9d28325b0df6ab4e469f787cdd9f3bee83a2c98a13c695aac61cee61301ebce84551babc1b7307efd28ca78768293884a39ae7cf3f1ad1f11215691add49528d

Download Submit
\Users\Admin\AppData\Local\Temp\nstCA53.tmp\InstallOptions.dll

Filesize
14KB

MD5
296a5f3179fa8d7a7a855eaf696ede44

SHA1
57aa5b71553ed282dd22c768e039a187f5c13f63

SHA256
ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960

SHA512
bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6

Download Submit
\Users\Admin\AppData\Local\Temp\nstCA53.tmp\nsProcess.dll

Filesize
4KB

MD5
a304fba25947dd17a81e74f8064a78d8

SHA1
3c31b8351e1d2886cad5ff8f83fb2d5aed04750e

SHA256
2a361dd5558a2ae21250144686eb8066e23a2ca1ece66c8a1cde56aa0191858a

SHA512
8da9688b09bfd7408d69c77ca74531733fa162b509b05a20ce3980072a6fdff53b76e5cd41c44ff81f2556a3b4cc00417ba51fc2b2a4061a2e133629028e072b

Download Submit