Analysis

  • max time kernel
    143s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2024, 10:21

General

  • Target

    HotelMIS_special.exe

  • Size

    4.4MB

  • MD5

    28c496e7858fe08d033471188758ae05

  • SHA1

    f9e2b499793571e63eeeda42fec5f35c29ac4d8e

  • SHA256

    6a6205ae89cf59a35824fe19cf0b43f040bcf17aa38cbea4667483eda5371f88

  • SHA512

    fa04faa33dedadd87846e907ae31f9b80d1fefd843373a9d1dce74ff33a1e9fb32c58f918dabfc718e80e5917122eed639a11971bb32e82fc81fae7871920c64

  • SSDEEP

    98304:Au7/6DqskEQHVuiI6u01OwmjeDc470I7iL4rSkzF7HBVroZSfvfmMluFIcQE/SiG:z/6mRNVuiubKDICSk9/tjlR3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\HotelMIS_special.exe
    "C:\Users\Admin\AppData\Local\Temp\HotelMIS_special.exe"
    • Loads dropped DLL
    PID:1388

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsxE63B.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    b18dfaded8f6d2380fdfd8f6b6969211

    SHA1

    969fa0e906240ab1123254feeb833c275626cf76

    SHA256

    747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

    SHA512

    25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

  • C:\Users\Admin\AppData\Local\Temp\nsxE63B.tmp\ioSpecial.ini

    Filesize

    600B

    MD5

    5ce3858477e5795a9ce219916548775a

    SHA1

    c0a98d15de5df75e60c740943a9a7da2ad8b405a

    SHA256

    c7da40d875416d13d70ab191233014feecbd7d072183a9c1900c0750bd90a1e2

    SHA512

    a8b7c060b3dd259d5d97e42f3c40e6b5c635bcff769fac5298d82c2b88ed9439d6daffc02e8caa5a0a41449b233701f6de4ee1b680096fa05730712d42f51a24