731ff864aef3e98931b5550125b2ba975ab9df334fbb9f0c026d0ca22c2e1457

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Live2D_Cubism_Setup_5.0.00.exe
Size

144.8MB
MD5

ccdac6eb7a73e43a633a2f02200c7166
SHA1

fb84f8f9a27d4588aff91e0c99dec1fb92eae02a
SHA256

731ff864aef3e98931b5550125b2ba975ab9df334fbb9f0c026d0ca22c2e1457
SHA512

7289753ab9a69370fed2fbc43a94e39d31e33db4596a081e35f92c3acf7000dbd8e15d4299741c94f15c2e447e78e47db80b55782755cc6ada7597f3e85089b6
SSDEEP

3145728:WqCi5FffffffshIH+tFk4SXRdGcFUDI2LnpjBmU9+3lE:WqCSFffffffqIGFk7hdGTpjBP

Score

4^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2708	Live2D_Cubism_Setup_5.0.00.exe
2708	Live2D_Cubism_Setup_5.0.00.exe
2708	Live2D_Cubism_Setup_5.0.00.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Live2D_Cubism_Setup_5.0.00.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2708	Live2D_Cubism_Setup_5.0.00.exe

C:\Users\Admin\AppData\Local\Temp\Live2D_Cubism_Setup_5.0.00.exe
"C:\Users\Admin\AppData\Local\Temp\Live2D_Cubism_Setup_5.0.00.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd895C.tmp\LangDLL.dll

Filesize
5KB

MD5
109b201717ab5ef9b5628a9f3efef36f

SHA1
98db1f0cc5f110438a02015b722778af84d50ea7

SHA256
20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319

SHA512
174e241863294c12d0705c9d2de92f177eb8f3d91125b183d8d4899c89b9a202a4c7a81e0a541029a4e52513eee98029196a4c3b8663b479e69116347e5de5b4

Download Submit
\Users\Admin\AppData\Local\Temp\nsd895C.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
\Users\Admin\AppData\Local\Temp\nsd895C.tmp\nsDialogs.dll

Filesize
9KB

MD5
ec9640b70e07141febbe2cd4cc42510f

SHA1
64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

SHA256
c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

SHA512
47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe

Download Submit