ea126bc5f10a51b1750b13e72c428811f5e6d54c835f39f0af0e6e3551432374

Analysis

max time kernel
142s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

storm+noad+v1.89/Storm NoAD v1.89.exe
Size

163KB
MD5

c68b182ffdb1dcc2b885ce920b568665
SHA1

fd4db619b09157d66ad98e0c9c2fa5a783a13737
SHA256

0dfb758a17381df8567d2a34e902aa809021ee74ba7fff40aae6ae3e8ebb7c6f
SHA512

86e191f3d40065017ef06dd9b6a2d1299769aa439dec8e2e4ce878f8f0b7e1389d76d2b8caa4a998269deaa3f7addedc2c7bbc55f805589fb11f13ef1c0e445f
SSDEEP

3072:ZgQWi/OM6UdaqEry9p8VF27JWQ68CGKcE:Zgaj67qErku27JJ63GKcE

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1060-0-0x0000000000400000-0x000000000043E000-memory.dmp	upx
behavioral2/memory/1060-320-0x0000000000400000-0x000000000043E000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe
1060	Storm NoAD v1.89.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1060	Storm NoAD v1.89.exe

C:\Users\Admin\AppData\Local\Temp\storm+noad+v1.89\Storm NoAD v1.89.exe
"C:\Users\Admin\AppData\Local\Temp\storm+noad+v1.89\Storm NoAD v1.89.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstB529.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstB529.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstB529.tmp\Storm.ini

Filesize
1KB

MD5
d0801bf6eb878a1f65320146e79a7309

SHA1
94e11363e748123d2a3f3e60002ba53b01bbe39a

SHA256
da77d9e05893079474186a911f90acbe571daa4629624bc70011f5ec04e307b2

SHA512
e4961add21b14e8b39c6a53175964f4302baf400f762eda87ca1de4595d63b215dfc3fb57252c7229f6a90a7adee8868035119f63ac9be260dc025938e40a47f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstB529.tmp\Storm.ini

Filesize
1KB

MD5
99c4f899cdda8565c4d55615cca2ec37

SHA1
4d54791ef94cd7571cfc5d581bd2f815423b9936

SHA256
99727040ccd76ff0da697d57ac60d1b402afc7d65ded78a6a0b459fea0450499

SHA512
a41438209bba158864c04293397c061f4f02c09a3ec935c0f1e928545f5a481016a0a919833c56a8b13e9979cf930390bd45fa3116a93c2310d199f2ac6b82d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstB529.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstB529.tmp\ToolTips.dll

Filesize
4KB

MD5
9a0da2692764bb842411a8b9687ebbb7

SHA1
5c3a459faa08a704bdf162476897ad4580ae39bd

SHA256
28aeaa48c929188a0d169887cc3f16370741467ae49e1db59763f030710a6bbb

SHA512
814d686617df4fe9f50a93dac9428babff3a14836aa27b4666976379ec3fafcab65fd82d8886998fa65e7b59dc192ca067cf8b4cdeb8ef551812912d80dab8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstB529.tmp\waterctrl.dll

Filesize
16KB

MD5
3d2a9eebe3b8d170cd5ddc4baecb4386

SHA1
4106951885c5d2168c74a192c2818228c2a67462

SHA256
491e350cdc0320a6a9cbc1470a5490fe29eec67624da63ea9301d1dc8199b6a1

SHA512
819c8a85941eb4b6ab998c0b768a8484c6aad536431dc9d426971c96f2d17e3decee7bd1d5be511cb830f4f2277728b84411d624221b4246d91959ea5d07a649

Download Submit
memory/1060-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1060-10-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/1060-320-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download