6e031a922ec21c373530a64d03151229faa39473a1044765f2a81f6c0589cbb4

Resubmissions

24-02-2024 15:39

240224-s3pjsafg69 7

24-02-2024 14:20

240224-rnqmvseb57 7

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dimension_Souls.rar
Size

66.8MB
MD5

0fb02340bf291c965a552c1178131ea3
SHA1

310f61decab8d2733dcb1e26e5a720c431c74e7b
SHA256

6e031a922ec21c373530a64d03151229faa39473a1044765f2a81f6c0589cbb4
SHA512

ccfc86e476ec40e73df99e98612da6f9c3eb8ecc803db89b366900540da1d8a1c13ad2741e7120784547864522eb824a82d2677154b8b17c47b459ea4c28e074
SSDEEP

1572864:1rziNx5qFeb8I+IUh/KfHWFK76yFBuZCQtg50HWwdMfXPQpTv:Ax5qFhKfhOy+4WBHt8XP4Tv

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2328	Dimension Souls Setup.exe

Loads dropped DLL 2 IoCs

pid	Process
2328	Dimension Souls Setup.exe
2328	Dimension Souls Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1856	7zFM.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	1856	7zFM.exe
Token: 35	1856	7zFM.exe
Token: SeSecurityPrivilege	1856	7zFM.exe
Token: SeSecurityPrivilege	1856	7zFM.exe
Token: SeSecurityPrivilege	2328	Dimension Souls Setup.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1856	7zFM.exe
1856	7zFM.exe
1856	7zFM.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1856	1868	cmd.exe	88
PID 1868 wrote to memory of 1856	1868	cmd.exe	88

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Dimension_Souls.rar
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Dimension_Souls.rar"
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1856

C:\Users\Admin\Desktop\Dimension Souls Setup.exe
"C:\Users\Admin\Desktop\Dimension Souls Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2aducpZk93SEXCEGDJ0nkRySNBJ\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\LICENSES.chromium.html

Filesize
535KB

MD5
37fb6c90b966cecd89863b4100cd5da4

SHA1
10e729dd068f8c40c4f9bc765e0ac225e94add41

SHA256
ccba502bb73757c807b336a9952bb448978dd14ffcde353e1a34884365fbc1a5

SHA512
86cb72f331a0de7147658c2ebe775ae512cb72257a3a621ccb28ab30e2f02a7ed765abf4da350a71c34b1d53906efb369ead7efae62579eb116e5069ed2a6d95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\d3dcompiler_47.dll

Filesize
526KB

MD5
1b52d5c4ca9bc0a89a3f662c67c08478

SHA1
e36650aa50a71235eaede1cdc78a99f706927510

SHA256
56aebcd5006fcb8580449b7639c50fdb10da11266d4d0db7c6be3657dfa846d7

SHA512
fc8ac066518130bb1cc6aa831d038b833b1e7c8795b2e5ad58393bf4ce0d2162f1fefc779f9ede3fc2b2c4f2fc89d4110d67ad2043b2021cf52a6eaa5b24e13d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\ffmpeg.dll

Filesize
610KB

MD5
976c4275e418560d4a0008441ffd2bfa

SHA1
c375366f1212ac83c60e6dc7f90a18916022d4d2

SHA256
0908cb738cb66088b4725ce0b949828849c7ca2008a0a605197cc3a4f3d4c4d3

SHA512
5f7d81d6c5d3476fb284c5d478b6caa9f01b5389d5342da70ed17512b3804972d47c9898058f853050f52d184942f0f53d6228cba5d2f6e7e3b79852c60bd79a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\icudtl.dat

Filesize
369KB

MD5
d6c1cbababad4292983caf9754f397c2

SHA1
d33e9fbacf73e6b954762d50f2ffd8f1b7726974

SHA256
5d5c1845cd450a355118c61c734bfba62de99232412e548a83ef71730c14b2f2

SHA512
9d6a804cd198c6a8600d7e7274508dea87eb455b01c42935b1d30811fea8ba1f69518dade96ff93efc8a69c80581c3ad172f2397e16e9ca947f4db8c73d36194

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\libEGL.dll

Filesize
468KB

MD5
09134e6b407083baaedf9a8c0bce68f2

SHA1
8847344cceeab35c1cdf8637af9bd59671b4e97d

SHA256
d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577

SHA512
6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\libGLESv2.dll

Filesize
422KB

MD5
fe91d7f18f44268978cc7a0c41bef522

SHA1
a603d6c79bf63ab3e3376b5c6a6404099904a7f7

SHA256
68410bafcb148e5785d3ec839af66c2e1d53b44d83c9ce68434f2a9288b19922

SHA512
124d99e4b5f5dd9c60df8b284f91b3cce6fb5f894c2fced7ca9cbab6ada7baadc9dd50edacd65a629ba5eeb0cee4b11f82f0ea9667f4b40a3b739c1f11bff70f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\7z-out\resources.pak

Filesize
574KB

MD5
5c61064ef0f00b07c073daca4d16c7d2

SHA1
5a3f49ff2f985c6140b561d033ae3094ccb699e7

SHA256
57e6e83721bea7a964b97c99ce22ed55f5c7dd2098fa6e784591950094feb4ae

SHA512
fbaa1dec7d64b76200795feed055717e073bf229508cd3bcb3b0dc38b029cab6051aeeba400d9bb930cf1d969f07931e8637eec39e266e8938f19c622743bb38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn7110.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\Desktop\Dimension Souls Setup.exe

Filesize
14.5MB

MD5
170f58c2301e7d21e7c0902fc3a543ae

SHA1
ad8bca3a61b4c967c482d86cc171f24bef41238a

SHA256
c02f42ccc5a803f0cf92a89bd7b665afb07473e2292254d0d24f90aa9ad89529

SHA512
7af94d1582c5cb69dc816b49d6d196fe16195c6a371b2d1b1a33cfcaa27c66b10a1de18a83b5cbab3bdf36bbc25ab40fa656f624aee0a27b70a5dea88261388a

Download Submit
C:\Users\Admin\Desktop\Dimension Souls Setup.exe

Filesize
17.1MB

MD5
1ecdfd00eae9ff3a5e111bc923454864

SHA1
23943e157ff0125f763489e82e65f2c5cebe76f7

SHA256
c6eee0653c2e164fd73a973634e86653f4dc7c3385d89672538f684a2660f675

SHA512
4789bab50272c6c6405b173abc643755fdd337aa6c509b24751104a90bd20bbce72d75a0ab715c74b6d3aba310c23d8a23471fe46ea76c529528b05aa2707cb1

Download Submit