36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d.exe
Size

323KB
MD5

38782eadb15cb53646173cf127a40ca7
SHA1

5dec8c5301592d3262e21fafb9c14a3966e702ad
SHA256

36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d
SHA512

52b846284dbdf37e5ff2f8e0dbb81da88e44ce4b9c1fb3f3a7ec24594f7ff166fb44ae902d3eec97a0266ebdf701c3e00633c0bc02894a7a7c1fc8fdb5394118
SSDEEP

6144:cnPdudwDFfbWtliXpBnofeuS+t+wsbxz5JDauniofs+b1ajWIh+QJx6l:cnPd1WC5Bnq30ziuniF+6Wc+Kxy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3520	Un.exe

Loads dropped DLL 2 IoCs

pid	Process
3520	Un.exe
3520	Un.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 3520	1644	36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d.exe	83
PID 1644 wrote to memory of 3520	1644	36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d.exe	83
PID 1644 wrote to memory of 3520	1644	36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d.exe	83

C:\Users\Admin\AppData\Local\Temp\36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d.exe
"C:\Users\Admin\AppData\Local\Temp\36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsrB131.tmp\System.dll

Filesize
22KB

MD5
662740bb61022c673dca1f539692a881

SHA1
3c3a6db52874ab31d85da05af8bc5a3e64367033

SHA256
7a1f5593fd4090a0cc5028bcd8e4e2b4a1b017f2b98ba8c3f39e5ea38721a77c

SHA512
ebfc19bafe09b2480217c02f202e5de46d8c541dc71c32a821f5caf415e9569b40e7b355a5639cd7f9c52605ca1fcbd48cd7184bc2fa55353eef579db1e4f9ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB131.tmp\nsDialogs.dll

Filesize
19KB

MD5
31e9d33a51ec14b061b13a07357d5597

SHA1
a0c457597b90dc7d1166430c9583e75d25bd0087

SHA256
d90e03598b0cd62da697e0eabea712e4d277ac179cfacad5b9ca0c753368dcd9

SHA512
bf2bb86a27a5e8cf5d3ce19bda7d121fd6025f97f0ea626b986cb304db5e1ec203b9106ef023ba608f10f4d8a348cf24de92d117c70a8a7686b09950d042bc30

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe

Filesize
323KB

MD5
38782eadb15cb53646173cf127a40ca7

SHA1
5dec8c5301592d3262e21fafb9c14a3966e702ad

SHA256
36478e8dff8ce717945ad057a0da0b2b7c3cd5022702e90f625c482ed549d03d

SHA512
52b846284dbdf37e5ff2f8e0dbb81da88e44ce4b9c1fb3f3a7ec24594f7ff166fb44ae902d3eec97a0266ebdf701c3e00633c0bc02894a7a7c1fc8fdb5394118

Download Submit