006db7d6e7d4857ee812495adbacd144581dcf9c604a80d0fa5a4f7595ea5478

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

obs-nvenc-test.exe
Size

20.7MB
MD5

32f64623fec3bfe1ba54f43982bbe7f4
SHA1

c03c2f284d6d1e41c0ef410477e115e762f8d645
SHA256

006db7d6e7d4857ee812495adbacd144581dcf9c604a80d0fa5a4f7595ea5478
SHA512

8976d7873f63fb49365773ebf893871b3c130225037ab078bc7d3469b2c14cdc224dabb714b35809596975f34944814f72f18a9acdf02521f373cace77ddbe5c
SSDEEP

393216:fVSaIRrkw55ZETI6DQIoyOw8nYexXlKKO6wvpAbIzvkNQGN:dSrRrkQ5aTI60yOw8nYexXlVO6A3LoQa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2768	obs-nvenc-test.exe

Loads dropped DLL 2 IoCs

pid	Process
1696	obs-nvenc-test.exe
2768	obs-nvenc-test.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2768	1696	obs-nvenc-test.exe	31
PID 1696 wrote to memory of 2768	1696	obs-nvenc-test.exe	31
PID 1696 wrote to memory of 2768	1696	obs-nvenc-test.exe	31

C:\Users\Admin\AppData\Local\Temp\obs-nvenc-test.exe
"C:\Users\Admin\AppData\Local\Temp\obs-nvenc-test.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Users\Admin\AppData\Local\Temp\onefile_1696_133719359034888000\obs-nvenc-test.exe
  "C:\Users\Admin\AppData\Local\Temp\obs-nvenc-test.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1696_133719359034888000\obs-nvenc-test.exe

Filesize
13.9MB

MD5
aee2e64955fd69e39e28ab0dc8c5677b

SHA1
2a7266002b17018ce9f152b68e6d85a4d613b579

SHA256
62759a931f772a58bdb59b7f16a30fa400ab9c3bebc69675bb8cde4df2c6e7ab

SHA512
ad5c734836e8abfa01117c217756ebdb81b8fb6c0d69dea686a8697ea1cd27c615070406c7e04a3534c939be9627e3914891c93772f359dab3ded6af0f0559da

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1696_133719359034888000\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit