8ffc036085a9e465fa52366aa43cd2a862c2a78c145425338dcca3db2f3158f4

Analysis

max time kernel
135s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PSPsetup.exe
Size

6.5MB
MD5

aafcfbd9e9751ffa14fb63eea1a2a21a
SHA1

d974f69b2c814304e0f8fdb2f2867796cb914f57
SHA256

43fe10471e24407465cad72321ef58cff8d7caf5f7734dbb6185b04a10b98e0c
SHA512

bafc9f0275e8afa953522b9486515ebba450e35e0b1a09ce98a1a7151554f16c1eb0d0324b80723eb535e8fd94d7b5cc9528efb9f3b146872e97b7a1ff050c23
SSDEEP

196608:Qt84RHDm/MODxdvh6WjncpafrM9AEPym8UD4GH:A/jm/pDEWjn0ErMymT8UlH

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
4920	PSPsetup.exe
4920	PSPsetup.exe
4920	PSPsetup.exe
4920	PSPsetup.exe
4920	PSPsetup.exe
4920	PSPsetup.exe
4920	PSPsetup.exe
4920	PSPsetup.exe
4920	PSPsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PSPsetup.exe

C:\Users\Admin\AppData\Local\Temp\PSPsetup.exe
"C:\Users\Admin\AppData\Local\Temp\PSPsetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdA77C.tmp\Banner.dll

Filesize
4KB

MD5
258dd27107feabb1969908a9387a79d7

SHA1
80f85b610e57d6ab07988cdae60c83300bef6a8f

SHA256
f4fc1344c32ad1c075067c6abfd168a1815dbc6f97103e83e7e8e708230889d2

SHA512
e2df96efab3ea794e75b6a3c9038601c7abd956b41fbbcc4fb60013e0d319d9978f539dc0f944778d05d2e384192d918e06dce8bf76f355d0cbfd142313b9a2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdA77C.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdA77C.tmp\System.dll

Filesize
10KB

MD5
2b54369538b0fb45e1bb9f49f71ce2db

SHA1
c20df42fda5854329e23826ba8f2015f506f7b92

SHA256
761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f

SHA512
25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdA77C.tmp\inetc.dll

Filesize
18KB

MD5
d10b6bf2a8e89632a9a25eeb056bd1fb

SHA1
dc8585c46bb9bf33d244a6c9b83790c94023d9fa

SHA256
e72ed04c48dd5e980639e4cf016e69c193d9a3016f847b6aa158131905688827

SHA512
f23e98eebb367de3a69e695c355340b93b9949236244c630e2b8cfb2dab79ef38372c7d44faeafa5731a88a717c19ed9ab60f11274c1c3cc4fdc794ded12a079

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdA77C.tmp\nsDialogs.dll

Filesize
9KB

MD5
c6284e23cd7e4d11db8298deb4541083

SHA1
e338686c7579620383ab8cc5a51bbb8d846f60cf

SHA256
79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f

SHA512
72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdA77C.tmp\qita.dat

Filesize
1KB

MD5
8040f290234db6a4bbef778217ba0f1b

SHA1
a66de87c6e46a6d4982bbf3606190eaa6fd21fef

SHA256
207dbbd514de231ecc5b0b530518e50a33525b39a5e9c3cb0204cce27a574fde

SHA512
786388411836dc427794fd742222f2f6a487b70a15b190f0b435fe10dc0bc054f1ae3d5257cd1f931013383c0f08355065e54ff1a345856ddda13a200d8f5988

Download Submit