Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-09-2024 07:01

General

  • Target

    69320ed091c0b632eaddf8dbbf8b98c0N.exe

  • Size

    108KB

  • MD5

    69320ed091c0b632eaddf8dbbf8b98c0

  • SHA1

    27b247221b3bec01d087d284898515be719cd13f

  • SHA256

    63cabe3f1b32a786c66ca4c54160cd6676514ae67e0342ee08e0d0466a7e5ac1

  • SHA512

    b1511a57f64724ee7a74a0bb688e16e214f4c0b75f86e46597d1333e8adf58f033b91d69cf10f9842e6a9c15be91eb7d57aedc1a37483765814f35c8ed73a5d9

  • SSDEEP

    3072:PKL0xw3sSx2bPnJ45GGeTh+XDknO3fYoquuB4:P2sSAbxZU4GfYoquG4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69320ed091c0b632eaddf8dbbf8b98c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\69320ed091c0b632eaddf8dbbf8b98c0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2384

Network

  • flag-us
    DNS
    up.int-ic-4.xyz
    69320ed091c0b632eaddf8dbbf8b98c0N.exe
    Remote address:
    8.8.8.8:53
    Request
    up.int-ic-4.xyz
    IN A
    Response
  • flag-us
    DNS
    up.cp-doub.xyz
    69320ed091c0b632eaddf8dbbf8b98c0N.exe
    Remote address:
    8.8.8.8:53
    Request
    up.cp-doub.xyz
    IN A
    Response
No results found
  • 8.8.8.8:53
    up.int-ic-4.xyz
    dns
    69320ed091c0b632eaddf8dbbf8b98c0N.exe
    61 B
    126 B
    1
    1

    DNS Request

    up.int-ic-4.xyz

  • 8.8.8.8:53
    up.cp-doub.xyz
    dns
    69320ed091c0b632eaddf8dbbf8b98c0N.exe
    60 B
    125 B
    1
    1

    DNS Request

    up.cp-doub.xyz

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nsyA593.tmp\ButtonEvent.dll

    Filesize

    4KB

    MD5

    55788069d3fa4e1daf80f3339fa86fe2

    SHA1

    d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

    SHA256

    d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

    SHA512

    d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

  • \Users\Admin\AppData\Local\Temp\nsyA593.tmp\NSISdl.dll

    Filesize

    15KB

    MD5

    7caaf58a526da33c24cbe122e7839693

    SHA1

    7687112cb6593947226f8a8319d6e2d0cdef3b11

    SHA256

    19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

    SHA512

    aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

  • \Users\Admin\AppData\Local\Temp\nsyA593.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    4ccc4a742d4423f2f0ed744fd9c81f63

    SHA1

    704f00a1acc327fd879cf75fc90d0b8f927c36bc

    SHA256

    416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

    SHA512

    790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
