Overview

overview

10

Static

static

10

nasial.exe

windows10-1703-x64

7

Resubmissions

04-10-2024 16:44

241004-t8yv3syhpd 10

27-09-2024 16:54

240927-vepkzsvbre 10

27-09-2024 16:44

240927-t86wpavard 10

04-08-2024 18:04

240804-wnq1vawbpg 10

03-08-2024 17:26

240803-vzvbzazekn 10

03-08-2024 16:14

240803-tpp4tsshqa 10

03-08-2024 15:52

240803-tbarzsseqc 10

31-07-2024 19:40

240731-ydk3yszdpq 10

31-07-2024 10:53

240731-my145atfmf 10

Analysis

  • max time kernel
    17s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27-09-2024 16:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nasial.exe

  • Size

    2.8MB

  • MD5

    7cbae878c5e7f1ef96d351489e10d756

  • SHA1

    c6117aaa6084399d37f06ab454b7f53470d88b1e

  • SHA256

    1aa7778da7aa6b68f649b53c8346a853f598f4c1681cd978bec1cf75ce4accae

  • SHA512

    133bda116b1488878911090e5708370a7c79296711cc6886dfe249b565682038d57663b6ee513e9171d0ec47379d973c498e149a7b47f0f2c2c659b4e8221b89

  • SSDEEP

    49152:q1Ox2H5JQKV4th1F3151kjli7/Ofyig7pglKIv8Pb438KIoQGUdfB9fGQJGj4NWj:q1Ox2H5JQKV4th1F3151kjli7/Ofyigq

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\nasial.exe
    "C:\Users\Admin\AppData\Local\Temp\nasial.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Users\Admin\AppData\Roaming\NCH Software\DrawPad\DpEditor.exe
      "C:\Users\Admin\AppData\Roaming\NCH Software\DrawPad\DpEditor.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4844
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1468
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\AddUse.mpa"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3168

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\NCH Software\DrawPad\DpEditor.exe
      Filesize

      2.8MB

      MD5

      7cbae878c5e7f1ef96d351489e10d756

      SHA1

      c6117aaa6084399d37f06ab454b7f53470d88b1e

      SHA256

      1aa7778da7aa6b68f649b53c8346a853f598f4c1681cd978bec1cf75ce4accae

      SHA512

      133bda116b1488878911090e5708370a7c79296711cc6886dfe249b565682038d57663b6ee513e9171d0ec47379d973c498e149a7b47f0f2c2c659b4e8221b89

      Download Submit

    • memory/1992-0-0x000000000041A000-0x000000000041C000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1992-1-0x0000000000400000-0x000000000079D000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/1992-2-0x000000000041A000-0x000000000041C000-memory.dmp

      Filesize

      8KB

      Download