eb5ed1ceb9f6360444cca8396edea72f61192b68677e6bdc28349ab3ef19805c

Analysis

max time kernel
145s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HA_AmondVideoConverterPro2.4_LRH.exe
Size

4.5MB
MD5

637c021d1488a6b295697a7eb2d3da01
SHA1

72d032bde9db354277e545b2be318fdf907d77f9
SHA256

c142882ae6124c07ddbbdc85e3b16742817aae265e6137aba6de88a0c603f970
SHA512

c39960e346c1c89b752b50a9dcd8313f508ec722d348f720ce49235f9fae184b32e92cf1d5418d2b82fc40e41c00832a2518410896e9b75f640a3ef3a56ff312
SSDEEP

98304:FDp9HqdsMgMYB7PCMNtQjjVMVdG29SMzOGo9+h:tHSsMgM87PCMEAMMjB

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1868	HA_AmondVideoConverterPro2.4_LRH.exe
1868	HA_AmondVideoConverterPro2.4_LRH.exe
1868	HA_AmondVideoConverterPro2.4_LRH.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HA_AmondVideoConverterPro2.4_LRH.exe

C:\Users\Admin\AppData\Local\Temp\HA_AmondVideoConverterPro2.4_LRH.exe
"C:\Users\Admin\AppData\Local\Temp\HA_AmondVideoConverterPro2.4_LRH.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nscBFA8.tmp\brandingurl.dll

Filesize
3KB

MD5
9c3488b5e9655d1837c3963ecec33f70

SHA1
f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

SHA256
05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

SHA512
6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscBFA8.tmp\installoptions.dll

Filesize
14KB

MD5
99a01229bfad8d31bf0ccf636f993393

SHA1
699c225ac447723d20bb786d18f4c95f5fd8951c

SHA256
58b6827090451254627c340ddc941cfdd87930606e3859bd29495ece878ca115

SHA512
bbf78a03004347cae25fab552e846dfd4873b39a2cc3613bc05a328a5a6cff026b13fa0653d3607197faccbabd4a9d97df2948bcf2ef5414e7d08cdfad6bbe15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscBFA8.tmp\ioSpecial.ini

Filesize
677B

MD5
9043f8e3bb729c20dc9e13dc5105c54e

SHA1
b67975af23bc66a0bf49c175bfe42b50c3152180

SHA256
ab91a2e66ec969c8c6944b2fbda75a6280466283c0565009a03fb7d7e329d92c

SHA512
d25d0e3107ccb515d46cda90d17ecbf56798af22aec61d2a1a640e81dcb742b2514c3adc35790902ede37fe232645be7f91bfbc0ccdcaa490c21681c54cfa745

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscBFA8.tmp\ioSpecial.ini

Filesize
717B

MD5
d599004df434288aa283f42ad2f3471f

SHA1
6ce5be219cb857fd6cd590acfb19a240f2aa66de

SHA256
e4e62235eddf204969f468160698f61256c6f11a552f9dce4117076dcbba7232

SHA512
24adcba8b5b864b550295f9f30c1f8d665f31f1c0a9278d50fafc04ca07395532a5469ee70bd2b29aacd6171f68dd951343e36a01b81f66367a5a65eea07d322

Download Submit
memory/1868-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1868-91-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download