5f20af1d782468507417d0785826b1f064fadba88ed1691e2def269922ace56b

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lmms-1.2.2-win64.exe
Size

35.1MB
MD5

8a5e80d496c3052a2057098dcbb1293f
SHA1

f26b1be68206eaa0b36f1ee057bda45b45070a30
SHA256

5f20af1d782468507417d0785826b1f064fadba88ed1691e2def269922ace56b
SHA512

e99d92bec376c548c0b3f8569fa43414efe9fa3f24d43a23c281a526a5a4c94642ddd0103a369b5feebe0b63f00c2633925be7a22ed3ccd70ef7c599fb424351
SSDEEP

786432:fJNH9O9cqiO3Z3QBH9OiJJTtDUv2P2YG+O9aXNTqtuHkwloovV/6+:Rd9OT3Z3Qx9OoUvNY/O9eNT5EhMV/n

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1864	lmms-1.2.2-win64.exe
1864	lmms-1.2.2-win64.exe
1864	lmms-1.2.2-win64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lmms-1.2.2-win64.exe

C:\Users\Admin\AppData\Local\Temp\lmms-1.2.2-win64.exe
"C:\Users\Admin\AppData\Local\Temp\lmms-1.2.2-win64.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsb7D6E.tmp\InstallOptions.dll

Filesize
18KB

MD5
adec63bd08a185bffe6fda335d29df87

SHA1
23f37d31f3b1c07547ad4fa2747305a04ac09b54

SHA256
dbd0068d46077ee1ace4eaafc3312389c29af22d306c5757a1a29a93146604a9

SHA512
44bb32fa41b0c2b41d637f15dd2cab84ad6f9dae39febb263923eeee19d1c80d65ba3939ab87d34fbb28af6a6f867c21daab5810d289e309451c67ef6f65a88c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7D6E.tmp\UserInfo.dll

Filesize
6KB

MD5
7f780de67db61a924bebc0cafaded3ad

SHA1
3ac359dce08ceff16e4214fe45d83fdc8e3f2e1a

SHA256
9931a2f8bb44b92ff26062b99cbb6e41ed1cfad65079dec5d6d9c006223bd121

SHA512
8378f04b6f5085e887ed46874414e5681f0ecb6889dbaa25eb78f75112d4be603aef8dec6a2a81857a19978f6ccf07d65d566ff3f0943da809de22599ffdd8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7D6E.tmp\ioSpecial.ini

Filesize
688B

MD5
69b24fce62bc53232a3a04584083e89f

SHA1
6bae313363112cfac792db2f68f7c71dba2f8d33

SHA256
e26af71de024bcb38cdf8bd3a9b742104df062727745460053912517e0fa38d1

SHA512
45f9bbb004cd8413066785970de8c071d56061452e32df2a981ba6ea67b7e94b8c3f82717ae19316b269873af035367eaddc7c538e68d8769e4c3f42f0f36151

Download Submit
memory/1864-87-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/1864-88-0x000000006AF00000-0x000000006AF0D000-memory.dmp

Filesize
52KB

Download