b793adade7cd9f14d1e6a9b066257092f45b77e9bfe4ca5d481dbce2638a7dbe

Analysis

max time kernel
1559s
max time network
1561s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 09:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VideoPlayToolSetup.exe
Size

36.8MB
MD5

0afbf523d8a7d9a44b4db03cd215ceca
SHA1

61ca5149df0b5878d7f1071f30081da4023b906d
SHA256

b793adade7cd9f14d1e6a9b066257092f45b77e9bfe4ca5d481dbce2638a7dbe
SHA512

e152887b089a566cd74947447fcaf1f906f13fadd852962f19fe03ffd32b12d9194bf197b0fb659ea560af4cf7e945c5d2794854b05d7e28dc416313e629d699
SSDEEP

786432:2sptTL+Zd/1S2xV5FAokrDwEMz6jSRDISx9+wPLymvT93UPPH1SC:Tk9S2xruiJWiD1g+3UlSC

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1900	VideoPlayToolSetup.exe
1900	VideoPlayToolSetup.exe
1900	VideoPlayToolSetup.exe
1900	VideoPlayToolSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VideoPlayToolSetup.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1900	VideoPlayToolSetup.exe
1900	VideoPlayToolSetup.exe
1900	VideoPlayToolSetup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1900	VideoPlayToolSetup.exe

C:\Users\Admin\AppData\Local\Temp\VideoPlayToolSetup.exe
"C:\Users\Admin\AppData\Local\Temp\VideoPlayToolSetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoDBDF.tmp\ioSpecial.ini

Filesize
693B

MD5
9feef89fb8c01147779138aa19558c7c

SHA1
fb8cd249c39d9f2e0bf8712fb6c0a71ecacdfd68

SHA256
1ea8c89adb5a1135bfa275a6741b7d7b3c1232ba59e20c18511ec4b94bc4bc2f

SHA512
3d20dbe83ab66ca6cad563b4340ca7d6732d1b7e8403b6a8b9a5f42ae68c4a5f78affe023856ecbfe1288d0057c49ea4df29d56090ab60cec46d26f1103018c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDBDF.tmp\ioSpecial.ini

Filesize
732B

MD5
3d5e25453d92dbb29dcc1d865f81178e

SHA1
b45693b150ccc744400d796e7b8ddb87db400359

SHA256
5a3afbdc51ffee1cf521434a4a5e6d8e2d2cbd0c4954347cd3e65cd7f35d1665

SHA512
fdce9f4255b9794bf35c5bf0b8a693551c9d5a845c12e61914e63e6d172f2ea664f2bc19f9b9a4a73a01fe5627e22d25ccdcfd24a4e36e022afe809b8c68acf9

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDBDF.tmp\InstallOptions.dll

Filesize
14KB

MD5
5f35212d7e90ee622b10be39b09bd270

SHA1
c4bc9593902adf6daaef37e456dc6100d50d0925

SHA256
31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

SHA512
7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDBDF.tmp\LangDLL.dll

Filesize
5KB

MD5
9648b84aec426c8426e8312b73956216

SHA1
9105d2ac9b9d627c1f77708ee3efd2e8760572ca

SHA256
b60aec1c8956d2140fc1539f216768913f39f5731d708b0e060851823b4ff319

SHA512
0d4a2ce9d01f922d7913606b33ebb5d7be91acff5d8f295d683162f80d19e7bf7a0ec9b5c464b6b25ac265bc6e198857b2e34d671bfbfbe3754116a9e57de302

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDBDF.tmp\NsProcess.dll

Filesize
4KB

MD5
05450face243b3a7472407b999b03a72

SHA1
ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

SHA256
95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

SHA512
f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

Download Submit