Analysis

  • max time kernel
    95s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/09/2024, 03:48

General

  • Target

    HA_SendLink191_Fire.exe

  • Size

    481KB

  • MD5

    c70f92533a5e197dcfdcc2c5edbdd98e

  • SHA1

    aab8d6bf5dec47e89bd34ad036b4edbc73444563

  • SHA256

    38a285fad90354c149689c2edcfbf2fa37441582fc97abfd4969739bc7df8c02

  • SHA512

    fd22a20825ebd1342003210306a3bbf4f1cf9c80d819558543c98f73911b458f71de5d8294e689f265ec2e1366e19522346863934f836fca1fcb2d7874217dc6

  • SSDEEP

    6144:FhF2fYDYYD+y82yhRHFSky3XEMV22Jl1F2BjplvitfMLuBTKP1265He0alrUHLY:fUTXJvHFSky3VV5Jl1F2BWBu126deHKU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HA_SendLink191_Fire.exe (PID 3624)
    Command line: "C:\Users\Admin\AppData\Local\Temp\HA_SendLink191_Fire.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
  • C:\Windows\system32\AUDIODG.EXE (PID 5040)
    Command line: C:\Windows\system32\AUDIODG.EXE 0x300 0x46c
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nslBBEF.tmp\InstallOptions.dll
    Filesize: 12KB
    MD5: 1e8f2fefe3ce893b117b26948b8978cb
    SHA1: 59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
    SHA256: 8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
    SHA512: b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

  • C:\Users\Admin\AppData\Local\Temp\nslBBEF.tmp\Splash.dll
    Filesize: 4KB
    MD5: e07ad0d2f86ddf926911e3d2dbc2021e
    SHA1: 370c93de8c9ba9549b0a646b329cb8d2fc7c91f8
    SHA256: 2ada4d9531a62772ddd7eeb0737fe91925982c543990d9c0d4faaadde12b7ed0
    SHA512: c13747e3cb2d6712f3bf19bfe1bbbab47763239a4e21bbe685edbedae98bda9c7b8e4e06c22e8b7737752a3c3129e07c91c00b6e90ac741e891bc1bfa966fdae

  • C:\Users\Admin\AppData\Local\Temp\nslBBEF.tmp\System.dll
    Filesize: 10KB
    MD5: 10c44246d99a1c2e5f5e6b52b111a63d
    SHA1: 0f41da79c3e789f4ae38738e3a5d73c538f8af4f
    SHA256: 7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8
    SHA512: e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

  • C:\Users\Admin\AppData\Local\Temp\nslBBEF.tmp\ioSpecial.ini
    Filesize: 609B
    MD5: 27a81c1e326f9a089cce0835e4a4ee7d
    SHA1: 5738a2ddf634f4c05837788db761b6f21af3b964
    SHA256: a9efe9d3e50a54b7dfd6dae11efa9de92eda88080551be094721e297a8e7a560
    SHA512: adc6c687397a2e676f1fc8ce6b764065be2e3b18de03b2617c15226a7fe14252112e6ada8a5cac795dff3bcc94040464fa89ac86a2180792450d69b94ce7f285