Overview

overview

7

Static

static

3

VideoPlayT...up.exe

windows7-x64

7

VideoPlayT...up.exe

windows10-2004-x64

7

Bin/mksquashfs.exe

windows7-x64

1

Bin/mksquashfs.exe

windows10-2004-x64

3

Bin/style.ss

windows7-x64

3

Bin/style.ss

windows10-2004-x64

3

Bin/transl..._ar.qm

windows7-x64

3

Bin/transl..._ar.qm

windows10-2004-x64

3

Bin/transl..._bg.qm

windows7-x64

3

Bin/transl..._bg.qm

windows10-2004-x64

3

Bin/transl..._ca.qm

windows7-x64

3

Bin/transl..._ca.qm

windows10-2004-x64

3

Bin/transl..._cs.qm

windows7-x64

3

Bin/transl..._cs.qm

windows10-2004-x64

3

Bin/transl..._da.qm

windows7-x64

3

Bin/transl..._da.qm

windows10-2004-x64

3

Bin/transl..._de.qm

windows7-x64

3

Bin/transl..._de.qm

windows10-2004-x64

3

Bin/transl..._en.qm

windows7-x64

3

Bin/transl..._en.qm

windows10-2004-x64

3

Bin/transl..._es.qm

windows7-x64

3

Bin/transl..._es.qm

windows10-2004-x64

3

Bin/transl..._fi.qm

windows7-x64

3

Bin/transl..._fi.qm

windows10-2004-x64

3

Bin/transl..._fr.qm

windows7-x64

3

Bin/transl..._fr.qm

windows10-2004-x64

3

Bin/transl..._gd.qm

windows7-x64

3

Bin/transl..._gd.qm

windows10-2004-x64

3

Bin/transl..._he.qm

windows7-x64

3

Bin/transl..._he.qm

windows10-2004-x64

3

Bin/transl..._hu.qm

windows7-x64

3

Bin/transl..._hu.qm

windows10-2004-x64

3

Analysis

  • max time kernel
    1369s
  • max time network
    1158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VideoPlayToolSetup.exe

  • Size

    36.8MB

  • MD5

    0afbf523d8a7d9a44b4db03cd215ceca

  • SHA1

    61ca5149df0b5878d7f1071f30081da4023b906d

  • SHA256

    b793adade7cd9f14d1e6a9b066257092f45b77e9bfe4ca5d481dbce2638a7dbe

  • SHA512

    e152887b089a566cd74947447fcaf1f906f13fadd852962f19fe03ffd32b12d9194bf197b0fb659ea560af4cf7e945c5d2794854b05d7e28dc416313e629d699

  • SSDEEP

    786432:2sptTL+Zd/1S2xV5FAokrDwEMz6jSRDISx9+wPLymvT93UPPH1SC:Tk9S2xruiJWiD1g+3UlSC

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VideoPlayToolSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\VideoPlayToolSetup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsx7ED6.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    5f35212d7e90ee622b10be39b09bd270

    SHA1

    c4bc9593902adf6daaef37e456dc6100d50d0925

    SHA256

    31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

    SHA512

    7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx7ED6.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    9648b84aec426c8426e8312b73956216

    SHA1

    9105d2ac9b9d627c1f77708ee3efd2e8760572ca

    SHA256

    b60aec1c8956d2140fc1539f216768913f39f5731d708b0e060851823b4ff319

    SHA512

    0d4a2ce9d01f922d7913606b33ebb5d7be91acff5d8f295d683162f80d19e7bf7a0ec9b5c464b6b25ac265bc6e198857b2e34d671bfbfbe3754116a9e57de302

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx7ED6.tmp\NsProcess.dll
    Filesize

    4KB

    MD5

    05450face243b3a7472407b999b03a72

    SHA1

    ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    SHA256

    95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    SHA512

    f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx7ED6.tmp\ioSpecial.ini
    Filesize

    693B

    MD5

    ec52e3918cb0040097b6f9e701f36149

    SHA1

    18d3501d791ff5b1c927e63b0c0ad996c254db18

    SHA256

    0b8cd60cc91351d4c9002f86c81c231a68fe3047fd7102b4c373b765e8fd06fb

    SHA512

    322ec95e41c8cd944c8a7d5ce53a0b7298cea526e399f491931c564db0819bb3a92b6cb0b95109226575c38c6fc31db4cdc08dad1becd7106cd1a2a13eb4d3c4

    Download Submit