Analysis
max time kernel: 592s
max time network: 433s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-07-2024 18:11
Static task: static1
Behavioral task: behavioral1
Sample: dmaster.exe
Resource: win10v2004-20240709-en
General
Target: dmaster.exe
Size: 9.1MB
MD5: 55f2155a18103b1ad0906b8b41a0564d
SHA1: 3c09f8b510e61eae350f8117e0561030d714948c
SHA256: b9977f9e501ff7e873b5b5809296b8f98ee56d07e7bb87f61d6dbc5f3746a5f9
SHA512: 4719275f747043aca12839e2e126e6191e8c507bfb5b17cf0e25ee9808616c7bf74dec976477bb9a11bb2ff0ee4ecb3a37b7cd8a0f3bf00c870f4c297622a817
SSDEEP: 196608:+U8XVbMEH2WW6a242wBAb4nKf2e47OpwcjSIDcLi0vzoCuuyqFP6opP9STaa47cE:7yMEH2p61wNnzwrOiAoCuuyqR6K9S+aA
Malware Config
Signatures

Executes dropped EXE (1 IoC)
Processes:
  pid: 3692  process: dmaster.tmp

System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
  description: Key opened  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process: dmaster.tmp
  description: Key opened  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process: dmaster.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description: PID 3192 wrote to memory of 3692  pid: 3192  process: dmaster.exe  target process: dmaster.tmp
  description: PID 3192 wrote to memory of 3692  pid: 3192  process: dmaster.exe  target process: dmaster.tmp
  description: PID 3192 wrote to memory of 3692  pid: 3192  process: dmaster.exe  target process: dmaster.tmp
Processes

1. C:\Users\Admin\AppData\Local\Temp\dmaster.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\dmaster.exe"
   - System Location Discovery: System Language Discovery
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\is-FGMI7.tmp\dmaster.tmp (child of 1)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-FGMI7.tmp\dmaster.tmp" /SL5="$5029A,8636448,832512,C:\Users\Admin\AppData\Local\Temp\dmaster.exe"
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\Local\Temp\is-FGMI7.tmp\dmaster.tmp
  Filesize: 3.1MB
  MD5: c7364c74062ab62a663a623c83a7b677
  SHA1: 138ea2ab69bbead71fd881b645f329c07181c8a6
  SHA256: fc3ca471b8be530e91c6b305d1a68a7c3479ffd5993d239f8f6b6cfeab5456a1
  SHA512: 0cfdef24723ecaee209c55afa4cca31f5192be25323b79471dd11fa9fac8d901c53e64641ac5a0187e6fbbd282d0d9af6a3d61df747765cb6846fcebde7a0665

memory/3192-0-0x0000000000400000-0x00000000004D8000-memory.dmp
  Filesize: 864KB

memory/3192-2-0x0000000000401000-0x00000000004B7000-memory.dmp
  Filesize: 728KB

memory/3192-8-0x0000000000400000-0x00000000004D8000-memory.dmp
  Filesize: 864KB

memory/3692-6-0x0000000000400000-0x000000000071C000-memory.dmp
  Filesize: 3.1MB

memory/3692-9-0x0000000000400000-0x000000000071C000-memory.dmp
  Filesize: 3.1MB