Malware Analysis Report

2025-08-10 23:14

Sample ID: 221031-1z3k8sedep
Target: 4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe
SHA256: 4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe
Tags:
Score: 7/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V6
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: 4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe

Threat Level: Shows suspicious behavior

The file 4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe was found to show suspicious behavior.

Malicious Activity Summary

Loads dropped DLL
Enumerates physical storage devices
NSIS installer

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2022-10-31 22:06

Signatures

NSIS installer
  installer
  Description  Indicator  Process  Target
  N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2022-10-31 22:06
Reported: 2022-10-31 22:08
Platform: win7-20220901-en
Max time kernel: 43s
Max time network: 48s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe

"C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe"

Network

N/A

Files

memory/1184-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

\Users\Admin\AppData\Local\Temp\nsj25FA.tmp\LangDLL.dll

MD5     8be27f3bdec2b49d0a6a674716622304
SHA1    70d17db576ed484a4c0195571118d307fd4dc1b9
SHA256  4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47
SHA512  add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801

\Users\Admin\AppData\Local\Temp\nsj25FA.tmp\InstallOptions.dll

MD5     d61d6c709e7947296603059f8bedeba9
SHA1    bdcfc90c358c82be43ef85727a7bdfebbd6d1b69
SHA256  65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63
SHA512  ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b

Analysis: behavioral2

Detonation Overview

Submitted: 2022-10-31 22:06
Reported: 2022-10-31 22:08
Platform: win10v2004-20220812-en
Max time kernel: 91s
Max time network: 146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe

"C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe"

Network

Country  Destination          Domain  Proto
US       93.184.221.240:80            tcp
US       93.184.221.240:80            tcp
NL       104.80.225.205:443           tcp
US       93.184.221.240:80            tcp
US       93.184.221.240:80            tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsw673B.tmp\LangDLL.dll

MD5     8be27f3bdec2b49d0a6a674716622304
SHA1    70d17db576ed484a4c0195571118d307fd4dc1b9
SHA256  4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47
SHA512  add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801

C:\Users\Admin\AppData\Local\Temp\nsw673B.tmp\InstallOptions.dll

MD5     d61d6c709e7947296603059f8bedeba9
SHA1    bdcfc90c358c82be43ef85727a7bdfebbd6d1b69
SHA256  65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63
SHA512  ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b