4e5853973748fe4e7fd934067e751950effa57e4baef7565b675f1863b0fbf1e

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mizuki Island.exe
Size

363.8MB
MD5

97bf9c47b540c1770ce07ac3b043de41
SHA1

e8fc2a8bab91d878be81e7d6200b5556c349bb97
SHA256

4e5853973748fe4e7fd934067e751950effa57e4baef7565b675f1863b0fbf1e
SHA512

2cb4e9860c69808ff4cb869426b8597bcd905d9505b3f2676e96007b1d33e1449eaf6e614c66a6be66933cc6fb8b90749ec7fae502d0b1f33feeefb5153760be
SSDEEP

6291456:7AUEXIFTVippZ+cC3kX8ba8aJpRFqu3Uj+AZ8a2JZCr/LrpEp1PecZrI+q5ligu+:cnXIxV8oL/qJzAZ8Fyrz+p1PbOR5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
528	stdrt.exe

Loads dropped DLL 16 IoCs

pid	Process
2172	Mizuki Island.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe
528	stdrt.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stdrt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mizuki Island.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
528	stdrt.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
528	stdrt.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 528	2172	Mizuki Island.exe	31
PID 2172 wrote to memory of 528	2172	Mizuki Island.exe	31
PID 2172 wrote to memory of 528	2172	Mizuki Island.exe	31
PID 2172 wrote to memory of 528	2172	Mizuki Island.exe	31

C:\Users\Admin\AppData\Local\Temp\Mizuki Island.exe
"C:\Users\Admin\AppData\Local\Temp\Mizuki Island.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\stdrt.exe
  "C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\stdrt.exe" /SF "C:\Users\Admin\AppData\Local\Temp\Mizuki Island.exe" /SO368640
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\MMFS2.dll

Filesize
316KB

MD5
b08bd6b4b309354dfbba010cd4ec6ffd

SHA1
dd1410331f7b5bacf14d5c6a610590ce7878b846

SHA256
bba5227e0695f9ddad71e5cbf7b692b4a417cc426daeb215db10c6fdb0f0d363

SHA512
f9f141389f33719484da3da2d4d181648d6759d1355af970d41743e6b1140527e0255d1436845d8edeb0ba9627f7df3ff0c756b267c1fec91c93298f65015c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\aviflt.ift

Filesize
24KB

MD5
bcb767b3dd8769c14eeb15d44e3e8ee2

SHA1
25c652e80a3d1892f6b351f6bcdd3e950b10af9c

SHA256
0eeffe2fa3c93f3ef62ec357b481d6caac0d3d190fb997ebea623dc5fd674f8c

SHA512
2a652d40030b91366fd3fdec8611bfb4643e8f41ac723e513b9e5a5b583c7cf1f11768d41d9379d43f953d748eecca0dd84406af9e03a704cb80e9b87d4a0968

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\bmpflt.ift

Filesize
24KB

MD5
ec49eb9e3ce55277caca4acce5080669

SHA1
1e891bf4b6e4db661bf2bc2311f1fb4002f9216b

SHA256
b7eb74b793f9fb30439e54af504eefee675e73ec8342bd1be784225ded98cdf4

SHA512
0d27400209366117b868401098fbbb2bdfb6115db7570eeb874a43e9e072b9ba5b082ff46b5bca9ce8119d0dc2ebd14e3aff2ad78ae324ef6e508c5e9b8ced44

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\cctrans.dll

Filesize
64KB

MD5
decc4a0b43b501742a5a9f00b94d993b

SHA1
bc1f271a9a4220975efd15b5b1760994e4e34c66

SHA256
b3bca576cc5919640d7279aff7b2ef6582af563103a4db3279d4078686619e43

SHA512
a161f0579a1af5ad72b2979756f7d1fdd94a1182f6e0a31099c03b591406e195367a1ba31336def367dbbf50d752eeba4ac676c4fa40d81925b104254d64e5e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\fliflt.ift

Filesize
28KB

MD5
0eca70c6c3683aeeed66be7bf98efbcf

SHA1
ab8a7da460e4cf816e7b798d37305b0e5d3a3761

SHA256
4fff120c0c69c1c853cbb5ff83f16a199bc2e4f45c6f8c564b22c3c10b546732

SHA512
0959e988be75d1e99be9a7a93d3c25909acb4c5bcf869e67a1fc814a5575435ffc78c6bf055b495e9b8d2a2952c5636e52478c4d060074b2ca71c07af43f307e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\gifflt.ift

Filesize
28KB

MD5
6e2b70b830863820e9d6750ac7f7b9e1

SHA1
1d4ddc85bc8dd853e95a65822d0d1966ec602979

SHA256
4aa6628517c02816f033d79d386d7d817e7df74fe8cfae351312069fd4c61471

SHA512
7f3164202576f1b68f1197fa94423d28edd2d279f11c463c4c1f84ef0f075a4c9fd2c009184b18649b0e15fb7354f80a31e66e847be6fb6e18dc1eaff1a40719

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\jpgflt.ift

Filesize
92KB

MD5
1b8c0407f421ae454eef87edb2264698

SHA1
e248285cdf8691d56243a81000fd667f84ff9550

SHA256
23a54d3586092ccd82bc42bdab0c5ece75f68d1f6313e717a815746b38a7f857

SHA512
a9fe4b02d6c58c590c051ed0b9375793cd22c56986072895e988c554d265f4243b45c8569dd300fe5c080c5a9addb5d7faab654a2be375992cbbaec8c94469d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\kcini.mfx

Filesize
28KB

MD5
9deee1ff03c4021201f322d1c759d2c1

SHA1
45cf77aaa844796b606d668d503f3600c1d7b4e0

SHA256
97e58cf3c469a090065117d5c0fe097fe12bebc7e346a4e467098aa5ea0122dd

SHA512
1407cab07f287190eafd5690ec9c745d96e1c9d780cf29c1bd3a7ca99d936058c83e06759018eca9957af80907005067cd7be9a3f07aa7aeec995adaeda5a429

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\oggflt.sft

Filesize
130KB

MD5
e925b7e0be07bc86cb8042168077bb04

SHA1
233c160b5264e1fa4f3b3ad6464207c09f698d26

SHA256
848d266c7676a5f59e66386d76679b97d2934166a8d829d5d000b217ab7a34cf

SHA512
0063b350116bfa478ecda081ae364e08c84cb97a337ff0b6e0d442653976c2663b8b2b430cca694f1a75fd93414d264b46da1331e7aadc2cdd424d69db27c31a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\pcxflt.ift

Filesize
24KB

MD5
dbe5395c9508ef6f4a8cbe3973051a80

SHA1
9b0d43f5ea8c11430aca42dfc381c82e557e31dd

SHA256
81ce5610214cc648f6e968af8f31c1bce0430e4e9dc4427bba743bc6aadcba4e

SHA512
c58dd464e755f77ea5da06ca70aa046e88d6a6543f8f0fe29ac16b0d2fc28cebd4a209c6ed1b059f09fe0d6b220e9e01f8c29c29b8336c8c0f1f20a1f99e6a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\pngflt.ift

Filesize
80KB

MD5
95e9db64a6248b00bfb42c2fde7e442b

SHA1
a437b1c8b5a96bc58ff339007243d7be98591307

SHA256
7bdae43096b32eb072731a93e6423a848459f385a2f5859629af40e389273f7d

SHA512
cfaaeab68ec6af3809a880a7abe65c33d8a91c9acd661c552e887b35b5f3426e278fd75aa02f95cc6c63c249474d7be6e57cc10329edb1fed05b4a7e614fc15e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\tgaflt.ift

Filesize
24KB

MD5
47ae23e71eb7daf3ea31cc2110421489

SHA1
c03222469db64ef595afab571ef753af77996e4e

SHA256
bbfd34aa3f6a66e59f06e30103c6248eee54896364ee0c714819b9286b985880

SHA512
f1d33dab09b8c3913f629d459df64b8ddd237eaa7e9a4a136f20e3d7e3f50fa1b0b3bcda1baf4b5851ee726f961e16e6e8dd28b3b77578bc2a64a2c01a4deb4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\MoveIt.mfx

Filesize
14KB

MD5
4c16149677e08a8cf31c5a385210e390

SHA1
e280221e59dd1a2213f8884467d4317485b1f11c

SHA256
2b83b8b561da588697371211fec98a2b1793fa72bc04181f21d6a3cbd4656736

SHA512
b92c56fed4bdec37fe87a3f3aed3e0feb56cbda511be8a5b905124a0c712fd282a1350a44371eeba1fdd3271105da1b20355afaf9db369065b55653556fb98dc

Download Submit
\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\kcpict.mfx

Filesize
24KB

MD5
a568b9969b99fd2dc8b3a10b8d36e6a6

SHA1
f26b4b685d8d8fcf909810d139aa34f7ec31f424

SHA256
9bb29072a6e8b4b1e58cbf8d3b0892dce3b2d373c28538b61931be9424b45937

SHA512
037d98b8f124de5a32cc5211c20f6758d2b640b95484ff794556744541eb2febc755085746b94b6086b916b195a48caa2b8ea5086c90d1a6a15b685675a2b992

Download Submit
\Users\Admin\AppData\Local\Temp\mrtDD25.tmp\stdrt.exe

Filesize
640KB

MD5
d34a422504c0533f65d60bd847fc5712

SHA1
164d3424442abf4fd18e0b497f20a23925c0df81

SHA256
33f6e2f38df6d9dea5e3e67bd7894af91e4fd717eb787666233a542799bef62b

SHA512
8591043423aedf3dc0f6c7e4b436e140688c4a392cb9683f0d16192c69b319e0d685afc7c82cfb165cecdca6497bbe0c72923f52ebb7aff33e848ede6e96f10a

Download Submit
memory/528-39-0x00000000003C0000-0x00000000003D7000-memory.dmp

Filesize
92KB

Download
memory/528-44-0x0000000000520000-0x0000000000534000-memory.dmp

Filesize
80KB

Download
memory/528-49-0x0000000002330000-0x0000000002354000-memory.dmp

Filesize
144KB

Download
memory/528-54-0x00000000025E0000-0x00000000025F0000-memory.dmp

Filesize
64KB

Download