ef6e18e25ab47f50335d8259aaa84463232df0919a6a06e66374ae538a9c8862

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

animefeedinstall.exe
Size

5.9MB
MD5

12008bed3064e395c89d9fb5df5c092c
SHA1

a7c48c352bc46518f8d6d64e44e3cd16bc8eec1f
SHA256

ef6e18e25ab47f50335d8259aaa84463232df0919a6a06e66374ae538a9c8862
SHA512

3c0fae3883e8f8ab9be574cc4195b609fb0dcce1ee29b1c367133aea5afcb621f0441b2047a44124a0153bf62569d576f7484efc969ce081e14f38ed25a2b7cb
SSDEEP

98304:+lIReDXM1oGt5nTjBbqx+5oh2797JKdaqvwVyZy+nV9:+lIeIz3TjBbCh27978M/Un

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1064	animefeed.exe

Loads dropped DLL 3 IoCs

pid	Process
1064	animefeed.exe
1064	animefeed.exe
1064	animefeed.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Anime Feed!\Uninstall.$$A	animefeedinstall.exe
File created	C:\Program Files (x86)\Anime Feed!\animefeed.$$A	animefeedinstall.exe
File opened for modification	C:\Program Files (x86)\Anime Feed!\Uninstall.exe	animefeedinstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	animefeedinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	animefeed.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2344	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2344	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1064	animefeed.exe

C:\Users\Admin\AppData\Local\Temp\animefeedinstall.exe
"C:\Users\Admin\AppData\Local\Temp\animefeedinstall.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3468

C:\Program Files (x86)\Anime Feed!\animefeed.exe
"C:\Program Files (x86)\Anime Feed!\animefeed.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x244
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Anime Feed!\animefeed.exe

Filesize
6.6MB

MD5
3d9f35f138e94df3c7c9f35d4ea970b0

SHA1
163d549123bde9bee7603cf0394ae75a486dba00

SHA256
63f2d28838b524d5fc585476a40b54b2e39161346f0618f5d3f4bf7796752222

SHA512
38149993cc8f90d7a004ccce6f1046a8b776b49a8e14a9820915c7cc6b1e3498375bfb8984c0566739b84c08a0458dff58294383c59b8b1120882dc4741f5f28

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC94B.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
ba4baf4220ede3a3bd32123e9c0fd952

SHA1
e1186c6746d67e42fc57f72a6ed07e600755305e

SHA256
a38d94169881d68a20c5031895492fa2bae58e70332b2f08fca79e62f4359edd

SHA512
55827a02e2617bc94b9990ff348d893eda39fdc6251abe506e0ac1f656ac2cd9bdae8197de437b277c434482e8a1c6782f7ab5b8993d1aa0b779d21b6349dece

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC94B.tmp\mmfs2.dll

Filesize
460KB

MD5
4758d460ecbb307ed90d59643046f00b

SHA1
2bd87c39f97b73b9db6d205bb10ae37eb82f2372

SHA256
3293a93c6d8a2ce529538fbdd2a81dc623fc40464efdb5348c8e039788ad1b22

SHA512
970a44102539ed3116c125bfcf9075e3acb8f710a338ff8ba881bbebf5111d236b3c27bf325a77d83d295aba8e836439fb6fd54a899e3ef075e1e45b6e2a1fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC94B.tmp\mp3flt.sft

Filesize
24KB

MD5
f0ebc8596156d8ebf6201a10f9864305

SHA1
0efd689d027d2d592369c3585cdd9a0b879e6562

SHA256
fcca0e08e8a64081d71f3ad7455cb5bea48e73f158f0773e856fa100914fe192

SHA512
7752fb5d3d114791c7940088b98c03252d6fb151ad11774a8fd8b4fdf2d289c66b5d54a56feddda2e2e4de125f7f6b75c1197eae276add1774e3290becd8bcf7

Download Submit