4de3002235ce6226446de1ba7f6639ef486e365dced2ea1be0299f80ad5eeec8

Analysis

max time kernel
99s
max time network
21s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 11:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

1.1MB
MD5

d4d4b5b204d8946575ee61c0f64253a2
SHA1

51996ac164c82358832b760faae47a4c838a57cb
SHA256

80edb8c3a3a93650573a4e3740d9f387477d2a80f2127bfdd34840302fbad260
SHA512

97bd9db61b59ab0636da30646d9ba837cb0bcc5f764659c17e773aa5540aad4a7e98efb01daa19fcead123b5a05fee49593a5aac0c67d3777720acb909397248
SSDEEP

24576:NlutM/GVY7lkcmLjLeN+526d4HGMA3nlk2Og0W0HUFJdEuX:NlKFWk1HeN162fA3naPW0HUbf

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2304	Setup.exe
2304	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2304	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsu3CD4.tmp\ioSpecial.ini

Filesize
596B

MD5
693280b9668b0ad7b671776974f199a6

SHA1
65a7209e17301ee449b70be6c99b382239f1b2f7

SHA256
8f10210c08858bb5624716fae20ae813a17a884e4a1cacdfc98c7b904dfd892f

SHA512
e14f16a73b6c1d8dcbfb4523b2147e7150fdb2488fe6f29c60931b1bc2c42bc541be22f44b38ef77d8f63a20540ccb2434fd21481b838a4a13f144ab18c14cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3CD4.tmp\ioSpecial.ini

Filesize
635B

MD5
70de49d3538cf440c9e74d6f947e6a8a

SHA1
ee088cc1bb7e38b181ee7995756c1803524f4abb

SHA256
16ef52a37e2b96c9dac14bc9d8e7268db68ed903f38f4c3177b21ebd2bffce2b

SHA512
d92b0e1d6593b5792cfef428c78335628efa64032996eadec256ee1bb1edfc24a515eeb7e23704f9ae32f45945f581a6b26bd77dee63847d3273eb264fef05ee

Download Submit
\Users\Admin\AppData\Local\Temp\nsu3CD4.tmp\InstallOptions.dll

Filesize
13KB

MD5
f372f97c34d69e6c9599d7103060f4c1

SHA1
ea742e6c73d134f64ef4f15067f81c63d6edef3f

SHA256
8c1c0ebe2df86cfbb59d787fa30c1d6db825b1162df0cafdb3df6119f337942a

SHA512
65b0539c5f59c9bdae4616c7e51d089090f31469edcc295f819c09aa989bc1dd9cd37ec71eda262545e5843ad94836edb58b50a8c8394905720eda8e0371a55c

Download Submit
\Users\Admin\AppData\Local\Temp\nsu3CD4.tmp\brandingurl.dll

Filesize
3KB

MD5
9c3488b5e9655d1837c3963ecec33f70

SHA1
f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

SHA256
05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

SHA512
6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

Download Submit
memory/2304-0-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2304-84-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download