Resubmissions

  • 241109-x6zldatkfp (submitted 09/11/2024, 19:28, score 7)
  • 241109-x4at8stkap (submitted 09/11/2024, 19:23, score 8)

Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-es
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241023-es, locale:es-es, os:windows10-ltsc 2021-x64, system:windows
  • submitted
    09/11/2024, 19:28

General

  • Target
    sunshine-windows-installer.exe
  • Size
    11.1MB
  • MD5
    8312c5f6b4975bd773854ed2a60ad055
  • SHA1
    6993de295c40c9fc81730eec58e0c32b9f6f159d
  • SHA256
    5608a618bc19fa3e21e6272d91d6443512da3c3965bd62e18092b4c7ec07cd29
  • SHA512
    a09a0009638f871fa4d2eda7863ab53ba1ca8ab8af2d5730a4c84475420faa45aaf3e20dc9cf4ee2b57097f35b6886d5ecb25a1731d0faa37027b90107e42bcb
  • SSDEEP
    196608:G3U2mDrnyHvZHyrKjS5/DAeT6LC6Gu9WP8EeszDQspgSV/p9gMsy8:YUlIv0rCOrNOWzug07FsSSVey8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (4 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\sunshine-windows-installer.exe
    "C:\Users\Admin\AppData\Local\Temp\sunshine-windows-installer.exe"
    PID: 4868
    • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nscFE37.tmp\InstallOptions.dll
    Filesize: 30KB
    MD5: ff6cb85adb441e639dc58948651d54d2
    SHA1: 2ba0514b1e64ce4c13c987c30f1b6e61225f192c
    SHA256: bbd81555abbfeff33aacdc8c34c307c2eb680953c7f4c4c02b20a8fe10e88bd6
    SHA512: bf4c8e862b548011f7d465c82d3c4bc84e7836c4bcd943ffa6dbfbe95d43fc355cf00936cfc4db34822906212bbbc69271f356b74d70051b52cfb9b74f58149d

  • C:\Users\Admin\AppData\Local\Temp\nscFE37.tmp\UserInfo.dll
    Filesize: 7KB
    MD5: 8e1998776ffd1d578a80d603c55721fc
    SHA1: 48ff2d677739d0f34f6c8cda41258af3989f534d
    SHA256: 7616de346ee28e4314d8a5bf67575c0010b1b07c93c6c29798f9106589ba25ae
    SHA512: 90c0800e485bd56177576b1d245457427d15b81b475eca4154a65225b82fe9c2ae7f07b07d48a61a3f622c4b2a2cb0b834a5d0b0b895f5bbf88b5bdead2257eb

  • C:\Users\Admin\AppData\Local\Temp\nscFE37.tmp\ioSpecial.ini
    Filesize: 1KB
    MD5: 053a55bfa43b4a229022eb167e24dfc7
    SHA1: 073d6b52be3a0e948fdc06615a3e69495b8a5633
    SHA256: 41aa1ff939b78049b3af0eca52b7b7c5681493f54e01a23888aa884bab3b562d
    SHA512: c247e497a4483d5523f6086d6219960ed15ef19a996df3d047399e371758d215bd1bb93387496961d00c9ce8ce7144dcc39634ee4e5e5a3557051944a11df789

  • memory/4868-89-0x00007FFC2B500000-0x00007FFC2B514000-memory.dmp
    Filesize: 80KB

  • memory/4868-88-0x0000000140000000-0x000000014018A000-memory.dmp
    Filesize: 1.5MB