Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 20:59

General

  • Target

    WOMicClientSetup5_2.exe

  • Size

    1.4MB

  • MD5

    d8c68825b8a2cd1f00736b617240684c

  • SHA1

    7b68a0832785021e8883cec41606e60fa4a887e6

  • SHA256

    c7c7227a636b4c612cdf3f3d803be3ef1cf8f9aedad1c5d6620e0b9f6e0931a8

  • SHA512

    15f79655b8cfefa402aca135e900881b266f6de3f6f2ada63b59303c0a9efac0175fb253ed640a4cfc2888c5e6954ab24c7c54d4532ca56c3b0a90107af02b05

  • SSDEEP

    24576:Y12rpcEd5xQyaYXnCTZh5GYP7INP4w6ZtwZdsIAljoXHNAi7JYYDd+7PJms:QkzSy/nClDzBaZfuo3HYnPJd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\WOMicClientSetup5_2.exe
    "C:\Users\Admin\AppData\Local\Temp\WOMicClientSetup5_2.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsu79A5.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    174708997758321cf926b69318c6c3f5

    SHA1

    645488089bf320f6864e0d0bc284c85216e56fbd

    SHA256

    f577b66492e97c7b8bf515398d8deb745abafd74f56fc03e67fce248ebbeb873

    SHA512

    214433597e04ca1ff9b4fe092d5d2997707a7c56f0f82c85d586088a200e4455028f3b9427d87b4f06f9252557d5be4b7a9138ea6a8d045df6209421fd8ca054

  • C:\Users\Admin\AppData\Local\Temp\nsu79A5.tmp\System.dll

    Filesize

    11KB

    MD5

    0ff2d70cfdc8095ea99ca2dabbec3cd7

    SHA1

    10c51496d37cecd0e8a503a5a9bb2329d9b38116

    SHA256

    982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

    SHA512

    cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

  • C:\Users\Admin\AppData\Local\Temp\nsu79A5.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    d6c3dd680c6467d07d730255d0ee5d87

    SHA1

    57e7a1d142032652256291b8ed2703b3dc1dfa9b

    SHA256

    aedb5122c12037bcf5c79c2197d1474e759cf47c67c37cdb21cf27428854a55b

    SHA512

    c28613d6d91c1f1f7951116f114da1c49e5f4994c855e522930bb4a8bdd73f12cadf1c6dcb84fc8d9f983ec60a40ac39522d3f86695e17ec88da4bd91c7b6a51

  • C:\Users\Admin\AppData\Local\Temp\nsu79A5.tmp\nsExec.dll

    Filesize

    6KB

    MD5

    01e76fe9d2033606a48d4816bd9c2d9d

    SHA1

    e46d8a9ed4d5da220c81baf5f1fdb94708e9aba2

    SHA256

    ee052fd5141bf769b841846170aabf0d7c2bb922c74c623c3f109344534f7a70

    SHA512

    62ef7095d1bf53354c20329c2ce8546c277aa0e791839c8a24108a01f9483a953979259e0ad04dbcab966444ee7cdd340f8c9557bc8f98e9400794f2751dc7e0