Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-09-2024 01:01

General

  • Target

    IDAPortable.exe

  • Size

    117KB

  • MD5

    678eb6b7dddbd6506f111118b974f715

  • SHA1

    100860283ba8248a17e0c37ea108b9b7439c4b1e

  • SHA256

    3d549e8a2d10c10c05263a804d7947fd6dcfdb362d3bc615e8c93e85e846fb72

  • SHA512

    1900e0eb6d3fc4ecd79de902497246aafc98c41aebbf816ff02070f5c087d674323113e7283128e27fb229f4fbf923c14b3cf2895d31a49220ee97c4ca45a7f5

  • SSDEEP

    3072:URD+3q3NxPTNuqG7GiAtGn61v5Wj1bvue6c5ny8Z7qO2G5:uwq3NpFE0Gn61855HXx2G5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\IDAPortable.exe
    "C:\Users\Admin\AppData\Local\Temp\IDAPortable.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2268

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsl63AC.tmp

    Filesize

    292KB

    MD5

    1a9a5575187a940bc08a8c7b02b12320

    SHA1

    f32ff13b8f29cb5c0f77a6362c91f469b4a61fa6

    SHA256

    2aa5fa7ab83713bf5624cce86b11ee2e8afcbdca883c1eda99ca5c8e7548d05b

    SHA512

    d04fc3c3856de6cef44642355d2bf59952d9f08b7af1c00f02cbc7f4d783d24a72f5099555ccfb3fad052b019a815fa06145c7dc9a4654dc159babcd10b4389a

  • C:\Users\Admin\AppData\Local\Temp\nsl63AD.tmp\System.dll

    Filesize

    11KB

    MD5

    17ed1c86bd67e78ade4712be48a7d2bd

    SHA1

    1cc9fe86d6d6030b4dae45ecddce5907991c01a0

    SHA256

    bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

    SHA512

    0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
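As an added example (not output of the sandbox and not code from any tool it runs), the script below turns two parts of this report into reusable checks: it re-computes the digests listed under General and Downloads so a copy of the sample or of its dropped files can be matched against the report before further analysis, and it filters image-load events for the directory layout of the dropped DLL recorded for PID 2268 (%TEMP%\nsl63AD.tmp\System.dll). The path regex, the (pid, image, module) event shape and the sample events are assumptions constructed for the example; only the digests and paths are taken from the report.

```python
# Added example (not part of the sandbox report): re-check the artifact hashes
# listed above and flag image loads from a ns<x><hex>.tmp directory, the
# pattern of the "Loads dropped DLL" IoC in the Processes section.
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Digests copied from the report. SHA512 values are omitted here for brevity.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "IDAPortable.exe": {
        "md5": "678eb6b7dddbd6506f111118b974f715",
        "sha1": "100860283ba8248a17e0c37ea108b9b7439c4b1e",
        "sha256": "3d549e8a2d10c10c05263a804d7947fd6dcfdb362d3bc615e8c93e85e846fb72",
    },
    "nsl63AC.tmp": {
        "md5": "1a9a5575187a940bc08a8c7b02b12320",
        "sha1": "f32ff13b8f29cb5c0f77a6362c91f469b4a61fa6",
        "sha256": "2aa5fa7ab83713bf5624cce86b11ee2e8afcbdca883c1eda99ca5c8e7548d05b",
    },
    "nsl63AD.tmp\\System.dll": {
        "md5": "17ed1c86bd67e78ade4712be48a7d2bd",
        "sha1": "1cc9fe86d6d6030b4dae45ecddce5907991c01a0",
        "sha256": "bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb",
    },
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report records for a file's contents."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify(data: bytes, expected: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest of `data` differs from `expected`.

    An empty list means every listed digest matched. Checking every listed
    algorithm, not only MD5, avoids accepting a file that merely collides on MD5.
    """
    actual = hash_bytes(data)
    return [alg for alg, digest in expected.items()
            if actual.get(alg) != digest.lower()]


def verify_file(path: str, expected: Dict[str, str]) -> List[str]:
    """Same check for a file on disk, e.g. a sample pulled from the sandbox."""
    with open(path, "rb") as fh:
        return verify(fh.read(), expected)


# The dropped DLL sits in %TEMP%\ns<letter><4 hex>.tmp\, the layout the report
# shows for nsl63AD.tmp\System.dll. This regex is an assumption generalised
# from that single path, not a rule taken from the sandbox.
DROPPED_DLL_DIR_RE = re.compile(
    r"\\AppData\\Local\\Temp\\ns[a-z][0-9a-f]{4}\.tmp\\[^\\]+\.dll$",
    re.IGNORECASE)

# (pid, image, loaded_module): the fields a Sysmon Event ID 7 (ImageLoad)
# record would supply. Assumed shape for this example.
ImageLoad = Tuple[int, str, str]


def flag_dropped_dll_loads(events: Iterable[ImageLoad]) -> List[ImageLoad]:
    """Keep only image loads whose module path matches the dropped-DLL layout."""
    return [ev for ev in events if DROPPED_DLL_DIR_RE.search(ev[2])]


# Constructed sample events (not sandbox output): the first mirrors the IoC
# recorded for PID 2268 above; the other two are ordinary system DLL loads.
SAMPLE_EVENTS: List[ImageLoad] = [
    (2268, r"C:\Users\Admin\AppData\Local\Temp\IDAPortable.exe",
     r"C:\Users\Admin\AppData\Local\Temp\nsl63AD.tmp\System.dll"),
    (2268, r"C:\Users\Admin\AppData\Local\Temp\IDAPortable.exe",
     r"C:\Windows\System32\kernel32.dll"),
    (4120, r"C:\Windows\explorer.exe", r"C:\Windows\System32\shell32.dll"),
]

if __name__ == "__main__":
    for pid, image, module in flag_dropped_dll_loads(SAMPLE_EVENTS):
        print(f"PID {pid}: {image} loaded dropped DLL {module}")
    # Without the real files on disk, show what a mismatch looks like.
    print("mismatches for empty input vs IDAPortable.exe:",
          verify(b"", REPORT_HASHES["IDAPortable.exe"]))
```

To use it against real artifacts, call `verify_file` with the path of the exported sample or dropped file and the matching entry of `REPORT_HASHES`; any non-empty result means the file on hand is not the one the sandbox analysed. The image-load filter is deliberately narrow (a DLL under a `ns<x><hex>.tmp` directory in the user's Temp folder) so it can be dropped into a Sysmon or EDR query as a first pass, with the expectation that legitimate installers using the same layout will need to be allow-listed.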