91dc0fbda1a4584fac1c9e0a75c5f64a7755092562170b6058a172fd6aa2efd5

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

49KB
MD5

e3eb0e9417e3170ae5220cee53b02683
SHA1

c13f3c4182bcf58a12de3611b51b944693e8a691
SHA256

2c845c1539144bdaafd4029e20b4d4113fad4f7a875c62c681850cf5dd0c95c8
SHA512

0bf9d48c28715265dfaa0e42ad022dc344973f6fcf6cd58a6658a6cc12bc4ab535f2a87d253d74a5d3f8708a36f19e959498121f23da1799ef71ca1fbdac3923
SSDEEP

768:8/UpAHiGjRQ1kkjH918xnyzOp7OssT1pF/O71mJ/Xgd2iZQAm6kRRS+NoJRnE76c:gUeHiWRgkkjH8nyWmJfgdLeAyN/76c

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2996	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral8/files/0x00070000000234b8-4.dat	nsis_installer_1
behavioral8/files/0x00070000000234b8-4.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 2996	3340	Uninstall.exe	84
PID 3340 wrote to memory of 2996	3340	Uninstall.exe	84
PID 3340 wrote to memory of 2996	3340	Uninstall.exe	84

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
49KB

MD5
e3eb0e9417e3170ae5220cee53b02683

SHA1
c13f3c4182bcf58a12de3611b51b944693e8a691

SHA256
2c845c1539144bdaafd4029e20b4d4113fad4f7a875c62c681850cf5dd0c95c8

SHA512
0bf9d48c28715265dfaa0e42ad022dc344973f6fcf6cd58a6658a6cc12bc4ab535f2a87d253d74a5d3f8708a36f19e959498121f23da1799ef71ca1fbdac3923

Download Submit