Analysis

  • max time kernel
    93s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-07-2024 09:29

General

  • Target

    MassScan/winpcap-4.3.exe

  • Size

    423KB

  • MD5

    ae26452c8b3d97ef2037521ac0dd3a8b

  • SHA1

    3ad99ec2bf6cc4f947bb09be627c91f82a898aa8

  • SHA256

    f28156a96be558dfb83a3d935223a127816ad124b94f92c499400c38078ad842

  • SHA512

    f5012a9600542b46eca137f41d58d6a6d3071aa36ca2b4c0f0119639cdf051c0a0e597c674583c4ec5753f8368ca121282acbf084930d2b1f30671f2032448d9

  • SSDEEP

    6144:MsNaGdmkMIdQQkpxYLcP+k471Xr4bjMxiW+D/xqfF3o2KCzDunki8m/VlidXTj2G:AG4kDdc8L4bQA5qt3CxnkLwlQFPcOLJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\MassScan\winpcap-4.3.exe
    "C:\Users\Admin\AppData\Local\Temp\MassScan\winpcap-4.3.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1908

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsdDB7D.tmp\System.dll

    Filesize

    10KB

    MD5

    5c22bbf6730572e50eed4108af6081df

    SHA1

    8a13196f4d47ee7de2e35509058db954db10c72a

    SHA256

    3198d832c222a9907d3d5822116c944fd1c6670a263b775212104a9ecf88beec

    SHA512

    264b194a50cb523f5758569d918b5f60cb2959c4d091ae6712efc95644700a7bc2bb440a22acdf2285b754691a9cc04633fcc7c5b354dae75c7260d6b27ebb18