d2488c3b9b1d9e7276b6db97870f5c07fcbcd6fe34e84bad1451bab306c0d08f

Analysis

max time kernel
103s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 14:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

mpkcd-v2011v1.exe
Size

5.7MB
MD5

650a6e3b76135edd1f0eb4b3311c60cd
SHA1

7c544d3041d802b2f29de77d4e7b5606fa274ebb
SHA256

07beb2ba176c7ca59b32705af577c45590f2c7078cc4f8c49ec7e5dc08bf26ae
SHA512

0708a0f90aecafab630b32604cbfae8abcfbb18e2ade7868c5ccf090b502954c8405df0f5a7a976d39ac93f7fef28594ce4deab6c6f2b1d113efeea614fcd6f5
SSDEEP

98304:3b7tcgylpu2VLmBn26ooioGbC+fjd4jgvzt2tWmHhcXDujrOj9m6q9RTpZUMqVCC:3b7ybZLC26oy+p4jut2t9hqDsryQzRVg

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2556	mpkcd-v2011v1.exe
2556	mpkcd-v2011v1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mpkcd-v2011v1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2556	mpkcd-v2011v1.exe

C:\Users\Admin\AppData\Local\Temp\mpkcd-v2011v1.exe
"C:\Users\Admin\AppData\Local\Temp\mpkcd-v2011v1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsp5341.tmp\ioSpecial.ini

Filesize
740B

MD5
1201d3006258aac868440c3842374795

SHA1
e4d438fce5f183975d9de08197d4140ad4ef4332

SHA256
9a730f2eccc033eae1e18edbcb353755836e0667eb77180f999fb0098b79cff9

SHA512
8d350b0bdd63c24b098f921d66f9b60e3fccbabbabb681fefd98a354a8b2d215d49fcc523b279d1c408b26eff908a036431d12bde7131959d898ed949bf95df2

Download Submit
\Users\Admin\AppData\Local\Temp\nsp5341.tmp\InstallOptions.dll

Filesize
12KB

MD5
4c7d97d0786ff08b20d0e8315b5fc3cb

SHA1
bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

SHA256
75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

SHA512
f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

Download Submit
\Users\Admin\AppData\Local\Temp\nsp5341.tmp\advsplash.dll

Filesize
5KB

MD5
ca60ae514320a0bfc4991c1fca3dc4ce

SHA1
c0d7db92c979d75233db185f18dee0c9518dd8ae

SHA256
08d2283396141ae8222c6959a0e1b4f75a75a3f2643b33d6d1c9b90d0669c606

SHA512
8e2d00909828b2f527bed1d2dae39e991142091cda8e80fb512ef2790fdd8146e6222dc1a98730af864b1437eab9f0e881e9adc3aad4e6c67f840dc3c4115a3b

Download Submit