ddb4fba8c375020d3135d7cb842e7922065ff907e642caa26835a2791657de79

Analysis

max time kernel
128s
max time network
130s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12-08-2024 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Meatspin[Mini].exe
Size

8.3MB
MD5

3eb21edf597be0cc6f3b3caa950876ad
SHA1

a6f426daeb8f9b55a398912d657ab862c692542d
SHA256

ddb4fba8c375020d3135d7cb842e7922065ff907e642caa26835a2791657de79
SHA512

53b0fbe84b41a42328b0d25303f6a1272fbc99e9a54b83c92433a768396c029259ce66b18e2a632c3842294f15add779b71aa1fa4c6bb8b435fbfbbffec2028d
SSDEEP

196608:LIZuaF4DiwTv3ta/46yX+GtxPKloNAJ9BJhjQ6+GzFuvJGg/w6w:oF4DiwTvk/OtxP499+6PFuI8wd

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
5068	Meatspin[Mini].exe
5068	Meatspin[Mini].exe
5068	Meatspin[Mini].exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Meatspin[Mini].exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5068	Meatspin[Mini].exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4432	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4432	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5068	Meatspin[Mini].exe

C:\Users\Admin\AppData\Local\Temp\Meatspin[Mini].exe
"C:\Users\Admin\AppData\Local\Temp\Meatspin[Mini].exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5068

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mrt831A.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
\Users\Admin\AppData\Local\Temp\mrt831A.tmp\mmfs2.dll

Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
\Users\Admin\AppData\Local\Temp\mrt831A.tmp\mp3flt.sft

Filesize
24KB

MD5
7beafd3ec0c36a1422387c43c49f68ff

SHA1
240e7d8534ed25dffb902a969826f4300a88dde6

SHA256
cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

SHA512
44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

Download Submit
memory/5068-22-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-19-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-21-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-30-0x0000000073B40000-0x0000000073BB8000-memory.dmp

Filesize
480KB

Download
memory/5068-28-0x0000000073B40000-0x0000000073BB8000-memory.dmp

Filesize
480KB

Download
memory/5068-26-0x0000000073B40000-0x0000000073BB8000-memory.dmp

Filesize
480KB

Download
memory/5068-23-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-25-0x0000000073B40000-0x0000000073BB8000-memory.dmp

Filesize
480KB

Download
memory/5068-20-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-29-0x0000000073B40000-0x0000000073BB8000-memory.dmp

Filesize
480KB

Download
memory/5068-17-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-18-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-16-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-15-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-14-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-13-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-11-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-12-0x0000000001010000-0x0000000001115000-memory.dmp

Filesize
1.0MB

Download
memory/5068-27-0x0000000073B40000-0x0000000073BB8000-memory.dmp

Filesize
480KB

Download