Analysis

  • max time kernel: 39s
  • max time network: 28s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 26/07/2024, 02:46 UTC

General

  • Target: dmd-2.109.1.exe
  • Size: 31.1MB
  • MD5: 268731d15b935cb5c46973ea98b9e7d2
  • SHA1: 39fccb3315636e90e97c76f3e9cb24e82f40d855
  • SHA256: 4163bd79ef89a5aaeef30890b68854f09331e32c75db7f47544382b62aad185e
  • SHA512: a3b1c02b02a0b4c80b3f022aedeb80bc0c5670484dd7e9dc3d4fbb45079aa43c34e019bad56c3baf2769b16591dc6914d43231e68888e4b92489bd0cba5a3a1b
  • SSDEEP: 786432:OquNsmFkLEva1eo7Gt5wJNZyGLtiOE3lMD/yb:teFfa1e/bgNZysvqq/g

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL (4 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store (2 TTPs, 2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dmd-2.109.1.exe (PID 2776)
    Command line: "C:\Users\Admin\AppData\Local\Temp\dmd-2.109.1.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
  • C:\Windows\explorer.exe (PID 2548)
    Command line: "C:\Windows\explorer.exe"
    • C:\Windows\system32\AUDIODG.EXE (PID 864)
      Command line: C:\Windows\system32\AUDIODG.EXE 0x514
      • Suspicious use of AdjustPrivilegeToken

Network

  • DNS lookup by dmd-2.109.1.exe for download.visualstudio.microsoft.com (remote address 8.8.8.8:53)
    Request: download.visualstudio.microsoft.com IN A
    Response:
      download.visualstudio.microsoft.com IN CNAME visualstudio.download.prss.trafficmanager.net
      visualstudio.download.prss.trafficmanager.net IN CNAME 4316b.wpc.azureedge.net
      4316b.wpc.azureedge.net IN CNAME cs10.wpc.v0cdn.net
      cs10.wpc.v0cdn.net IN A 68.232.34.200
  • 68.232.34.200:443 (download.visualstudio.microsoft.com), tls, process dmd-2.109.1.exe: 812 B sent, 6.9kB received, 10 packets sent, 10 packets received
  • 8.8.8.8:53 (download.visualstudio.microsoft.com), dns, process dmd-2.109.1.exe: 81 B sent, 219 B received, 1 packet sent, 1 packet received
    DNS Request: download.visualstudio.microsoft.com
    DNS Response: 68.232.34.200

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nseC380.tmp\ioSpecial.ini
    Filesize: 1KB
    MD5: a3dbca3f9ea378682ab14be16a008081
    SHA1: 4dada69f74478677c502ba128e18747be1c75124
    SHA256: 6dec3383d6b1ec8affe5bc6e5e4da05e014a7b1b6687d0083594f27e1d21d480
    SHA512: 7f6d53cf5dec50982da48eb0882980b6d0dcdfc0636f98df403706abe57291b7e28b356e9b1ec28f711485cc984e4531b72ec36877c76473907d2ca751325976

  • C:\Users\Admin\AppData\Local\Temp\nseC380.tmp\ioSpecial.ini
    Filesize: 1KB
    MD5: 8051373410ede4f33baaad5b99f244d4
    SHA1: c463ac836dafda62bf60870045f4cb654777a912
    SHA256: 16a9184fd057c9f33f5eb4fcc46e34d197f030342dd4d8a98f854bd73a91c3c7
    SHA512: 7f5b91d3c1f58489598b1c274a83f3d6840ba88be2cd338fd835457b4e877d0708d353e6df3183155a4743a2e83792ab3aceae1860e816a031f1f0a6def42502

  • C:\Users\Admin\AppData\Local\Temp\nseC380.tmp\vcinstall.ini
    Filesize: 2KB
    MD5: 8fd5542fc17e23de1bc60635c63ce8af
    SHA1: 92876db078bdcd4117656aaadbea934665e44682
    SHA256: 4535a066b050c8c206e23b5e1f8d5b8dcbedb15a3b7ce60a2287e426d622e049
    SHA512: 6eb5734ff5026ef9a35afa419b0ef467d9d3d1380ea55b3cad4472d5d47a9387fa61dc9226dd1fee22e385aee34ece6e1f60f1eeed108c6cdc0018e0a7e1d7a6

  • C:\Users\Admin\AppData\Local\Temp\nseC380.tmp\vcinstall.ini
    Filesize: 2KB
    MD5: a231e732ca644d03f3b488bf2542acc4
    SHA1: 847ba5b1d960783efcb30ec64cd19563f4d19a0b
    SHA256: ec9bec7c9b0a38bc6cef133faf809c55af596903067175d8b21207a6083e604d
    SHA512: 1dbf6106b68063f279ce834d026efeaad551391389693f72ffde610524b30593667329e4fd53c1e256ff838badf19979137a687f0437b6160b778aaa555a2adc

  • \Users\Admin\AppData\Local\Temp\nseC380.tmp\INetC.dll
    Filesize: 25KB
    MD5: 40d7eca32b2f4d29db98715dd45bfac5
    SHA1: 124df3f617f562e46095776454e1c0c7bb791cc7
    SHA256: 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
    SHA512: 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

  • \Users\Admin\AppData\Local\Temp\nseC380.tmp\InstallOptions.dll
    Filesize: 15KB
    MD5: 09d8971beefefffd710030dd167a99e0
    SHA1: a0117786ad77213f3eb48cfdc3819786cb796b7d
    SHA256: caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95
    SHA512: 3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0

  • \Users\Admin\AppData\Local\Temp\nseC380.tmp\System.dll
    Filesize: 12KB
    MD5: 8cf2ac271d7679b1d68eefc1ae0c5618
    SHA1: 7cc1caaa747ee16dc894a600a4256f64fa65a9b8
    SHA256: 6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
    SHA512: ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
