1d6300fb759d3e44fc515c37bce65201e9d3d7430a7c7a65651162dd1f69f60c

Analysis

max time kernel
93s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ibaAnalyzerInstall_v6.6.1.exe
Size

23.6MB
MD5

75728b028e7eacbda9e0e77fd4b34d41
SHA1

daeff7ec7cbb8d31aa9e983a7aefe32ecb50fc7c
SHA256

1d6300fb759d3e44fc515c37bce65201e9d3d7430a7c7a65651162dd1f69f60c
SHA512

b30b8319a575bc45e7adc7b29c10f05ec4c7150ee1802ca0583b61a45ce30fc3c0d7de2a375b4b427b719da596ac25f82debb50bf25d22e7586cb7b02a6a1e5d
SSDEEP

393216:J0FN2eH6CKsCH/WLox54PGPvvx/g5tSXaN1fQ2nGFz5qG0ACL4afVcHH2h2hezQd:JC2eaCKsyjx5tPvurSqNZQ2GFcGeLcH3

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
4956	ibaAnalyzerInstall_v6.6.1.exe
4956	ibaAnalyzerInstall_v6.6.1.exe
4956	ibaAnalyzerInstall_v6.6.1.exe
4956	ibaAnalyzerInstall_v6.6.1.exe
4956	ibaAnalyzerInstall_v6.6.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ibaAnalyzerInstall_v6.6.1.exe

C:\Users\Admin\AppData\Local\Temp\ibaAnalyzerInstall_v6.6.1.exe
"C:\Users\Admin\AppData\Local\Temp\ibaAnalyzerInstall_v6.6.1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso9C90.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C90.tmp\SimpleSC.dll

Filesize
61KB

MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C90.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C90.tmp\databaseoptions.ini

Filesize
444B

MD5
4359b35cb2b8e762813b3f2974b644d8

SHA1
af945f5cc9dada9ec4463ebcaa9f178a392a1841

SHA256
b924930dfbe2708105fb2e8fae41abc01f1f75fd080572b1fe8451338c7605be

SHA512
3718c642c7fe3c6275f8cbb38faac0db9aec120633f58e027036199450cf15a83bc844c40f20e14c9ed20335b35659f61a9a330359a0a018e3cf983b497651b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C90.tmp\ioSpecial.ini

Filesize
726B

MD5
31380f260c977ede38e73495c4374e5f

SHA1
ccaca0c7335acb43f8c92b74e5417b17048b7661

SHA256
8985ea7f4269bed66854c29b126fa1ea337329cea70eae7933241e3ff9773bdf

SHA512
3987a5edaabaf76c7672c45234dd27de6cdb16b6726799c46ba18c963087b37706d2972e41901c8e5e325e780b2062d1b94b23446a936019561bedc84d105866

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C90.tmp\licenseserveroptions.ini

Filesize
696B

MD5
44abae94e66da16f5f945451f13864f7

SHA1
82735f381943c0082984f21f60492897caf9f28e

SHA256
e94b53822069274f4f0de48c853f4fc13f1d6e3ca385ee7d8161943a83495463

SHA512
275f6c12ea7ff6a7af1d52324837d29c27227c9ddc3727100a45e3b3946f597521a64854980b8551a3e03eddc566a6df3364cc8abbd0eddd1946f4adf8e7a842

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C90.tmp\licenseserveroptions.ini

Filesize
731B

MD5
a90e9fc856238b5f2db5a221abb841d1

SHA1
9a83e88c6a850c1fa0942d77e638156cf550cb77

SHA256
589f226ef4dfcff0f94c88dab878bddaaa308f80591bd5fd83bf520fc4c628af

SHA512
be5d0dba47883f81c24f74eef5fd60b6bfddba6035902af6696cd40fe83d7c332aae19f27bfe85812c70cb1875e023fa7b08f84575f0ff352acdc89f169f8251

Download Submit
memory/4956-98-0x00000000048D0000-0x00000000048E3000-memory.dmp

Filesize
76KB

Download