ed2821277a0521f51a0c8b983641f2d77980e1e316c9e455f7ed03c2d697839b

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SSTap-beta-setup-1.0.9.7.exe
Size

6.8MB
MD5

d1311ccd62041691922bec9efd5ce16e
SHA1

bf6360a0cdeba4b72d9bfebec3f242808bc0b1d6
SHA256

84852993d1dc0bd68deb560ae171df5caf3eee3dbb9977a931408fc08e8ab0e6
SHA512

bcdeb35631c76a6272e86a46c565537cd33451059011f19325fa6beb3d1e4270ec4580f4b810c6747e7179b01721773fcae209e0d7ce94da350bb5fceb7800a5
SSDEEP

196608:agQ9/unnUqSneNErDmG46lr3CGu1egLFrLPSb:xQ9WnnUreNEf9RhugQFrLW

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
964	SSTap-beta-setup-1.0.9.7.exe
964	SSTap-beta-setup-1.0.9.7.exe
964	SSTap-beta-setup-1.0.9.7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SSTap-beta-setup-1.0.9.7.exe

C:\Users\Admin\AppData\Local\Temp\SSTap-beta-setup-1.0.9.7.exe
"C:\Users\Admin\AppData\Local\Temp\SSTap-beta-setup-1.0.9.7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd9B67.tmp\InstallOptions.dll

Filesize
15KB

MD5
b06dfd343c2a80f584ec8968b942a839

SHA1
223b308f92cc53890993f6ac8caab49e0816ec90

SHA256
e546bcfa8d4adf45cc0828f32c0607385688994e19b41e11e5ce9badf923c0c6

SHA512
98686a228f816056ee56e4598b8b48c7beba835cff59c21b3fe9645a916fca4eac0e68728c460706c36a0a90423eef0809085e292390d14459d2e08d82724715

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd9B67.tmp\LangDLL.dll

Filesize
5KB

MD5
30b091668111ab1d6c19f16586a9eee5

SHA1
aea49d81cf9972eaf1604793c04d13ddffe2c475

SHA256
331ca4b3a311324b463167ec43851146e57a2d90500ac3fd57a7683f6b777ffb

SHA512
6dd592af085b2e28c54d7f525916112dbf5cfe134393b0b97f8f1f64739cf90962273c51f02e8ce2c623cf6aa8355eacda5db0b0256d8f05a77ccf0f99d11648

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd9B67.tmp\ioSpecial.ini

Filesize
1KB

MD5
cdae47733b398a330a4f22241e5b163e

SHA1
124c834d31f3925a62d702c9ad4424210431b479

SHA256
75f04121238956f4d12ec18f6c9a543ceba263d10af68ee11668e8c27dca6d1e

SHA512
6cb6542175aafe03eb56a6971f008bd4cea4827eaa26e8d7b30be6a1c138f1c347a44ba7da8311fee06535cb04ae20a1e0667d16a0686dccdd931c1c205d3210

Download Submit