bf9f383bd10ca183ccf932eb42f55b47403164b21cf17df3efd9508db38d3960

Resubmissions

08-05-2024 18:47

240508-xe74fahf4y 7

08-05-2024 18:39

240508-xamlyabh63 7

Analysis

max time kernel
92s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WLmouseGM_V0109.exe
Size

32.4MB
MD5

3830f5ff021af01765d23d4fac6daa98
SHA1

66648cc19bf8e0275b347af7d52aaff270a26fe7
SHA256

bf9f383bd10ca183ccf932eb42f55b47403164b21cf17df3efd9508db38d3960
SHA512

23d8a92ea2b0540bfb2d8d7c61292fce05ef2c6d88099d143032913e18b0d4b5d4054bc4c4c40002bc889429b83fce9ccdfbeef608b73c4a14a3500f762cb6e9
SSDEEP

786432:TZ7RLKhz6x7f2l84Pa2KERgulK2WJDqENHE+tkZn14ZIjxjukzyKbynM:VR5df2l8ua2dRcDqENk2A+k0QuM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2412	WLmouseGM_V0109.exe
2412	WLmouseGM_V0109.exe
2412	WLmouseGM_V0109.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\MiSans-Regular.ttf	WLmouseGM_V0109.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\WLmouseGM_V0109.exe
"C:\Users\Admin\AppData\Local\Temp\WLmouseGM_V0109.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa5361.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa5361.tmp\nsNiuniuSkin.dll

Filesize
896KB

MD5
1834fd72e6a7387749d014a30b53d6ac

SHA1
e6c51f9f578e86e376501fc08f6d80cfe11bdb52

SHA256
148cb136ff5ae9711ddb869b5f22065ee89e13eaf5081ce39c07dbe89ccd97b7

SHA512
c8247a7916c718311a0f458cbb2133d77e3950609bb2c4b9470a9a7725a1d4d595422fb8c3c42f34629fd045675c72b221fee26a5188b9df4a0f3099857ec204

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa5361.tmp\skin.zip

Filesize
282KB

MD5
affe2bfd6cb2d8983dd7c5471fa491f8

SHA1
852c5675e589d5674d3fe04c9788b5f7f3fb8d9f

SHA256
d7148a83862ca203ec1bd363e3d820714768bbc0ad3283ea1b03588994709997

SHA512
fcb530d730b943c2ed0bd41077f0a1968fa70359d99092df65c281a239d4c0bdfbdffbfd83c1b2cf18c0816d6ed9e040f53a004992afc878f4c9eccf0c234df3

Download Submit