Analysis

max time kernel: 152s
max time network: 204s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 14-08-2024 14:24

Static task: static1
Behavioral task: behavioral1
Sample: DTS Sound Unbound fissuré[RPAurdOOPm].exe
Resource: win11-20240802-en

General

Target: DTS Sound Unbound fissuré[RPAurdOOPm].exe
Size: 72.4MB
MD5: aa839c4ce778f6c5b7ed3b7421d03c46
SHA1: da3b42365aa4bc0187d07d923d27b8bf7c12383e
SHA256: 72edf2df847b2ef47a4c048f9fa0cd6acf18065d6ee62959628afe9d92d6e384
SHA512: 7e8c05dcebada0996ea4427d21d09fe2a9eba98302a7485092bad84a1c9107255f497b2b1aaf355abb9568af1fee2af1e8a5ba52371b49d109588360f561a453
SSDEEP: 1572864:iWLpl4l5haDKqT6KOipjnvSyPlvWs9ucbVYhNeS4/FO+3JVl7NwHzLtfTXrV:hlle5xKOiJSyPlvKmS4Z3/l7uHzL9T7V
Malware Config
Signatures

Loads dropped DLL (6 IoCs)
pid    Process
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Program crash (1 IoC)
pid    pid_target   Process        procid_target
3712   3916         WerFault.exe   81

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                          Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   DTS Sound Unbound fissuré[RPAurdOOPm].exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid    Process
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe
3916   DTS Sound Unbound fissuré[RPAurdOOPm].exe
Processes

C:\Users\Admin\AppData\Local\Temp\DTS Sound Unbound fissuré[RPAurdOOPm].exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DTS Sound Unbound fissuré[RPAurdOOPm].exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID: 3916

  C:\Windows\SysWOW64\WerFault.exe (child of PID 3916)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 2468
    - Program crash
    PID: 3712

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3916 -ip 3916
  PID: 5004
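The signatures listed above are derived from raw sandbox events (file writes, DLL loads, registry opens, API calls, process creations). The Python below is an added example, not the sandbox's own signature engine and not part of this report, that re-derives each of them from a constructed event stream mirroring the report: a DLL loaded from a path the same PID wrote earlier ("Loads dropped DLL"), an open of a raw PhysicalDrive/CdRom device object, an open of HKLM\SYSTEM\ControlSetNNN\Control\NLS\Language (ATT&CK T1614.001), SetWindowsHookEx calls, and a WerFault.exe launch whose `-p <pid>` argument is resolved back to the crashed process so that `pid_target` comes out as 3916. The event kinds, the dropped DLL path, the hook types and the device name are assumptions; only the PIDs, the registry key and the WerFault command lines come from the report.

```python
"""Re-derive this report's behavioural signatures from a raw sandbox event stream.
Added example: not the sandbox's own signature engine; EVENTS is constructed."""
import re
from collections import defaultdict

SAMPLE = "DTS Sound Unbound fissuré[RPAurdOOPm].exe"  # sample name from the report

# Constructed events as (pid, image name, event kind, detail). Paths, hook types
# and the device name are assumptions; PIDs and WerFault command lines are the report's.
EVENTS = [
    (3916, SAMPLE, "file_write", r"C:\Users\Admin\AppData\Local\Temp\drop\helper.dll"),
    (3916, SAMPLE, "dll_load",   r"C:\Users\Admin\AppData\Local\Temp\drop\helper.dll"),
    (3916, SAMPLE, "dll_load",   r"C:\Windows\SysWOW64\kernel32.dll"),  # system DLL, not dropped
    (3916, SAMPLE, "file_open",  r"\\.\PhysicalDrive0"),
    (3916, SAMPLE, "reg_open",   r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    (3916, SAMPLE, "reg_open",   r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    (3916, SAMPLE, "api_call",   "SetWindowsHookExW(idHook=WH_GETMESSAGE)"),
    (3916, SAMPLE, "api_call",   "SetWindowsHookExW(idHook=WH_CALLWNDPROC)"),
    (3712, "WerFault.exe", "process_create", r"C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 2468"),
    (5004, "WerFault.exe", "process_create", r"C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3916 -ip 3916"),
]

# Install-language key under any ControlSetNNN; reading it is the registry route
# to the victim's language (ATT&CK T1614.001, System Language Discovery).
NLS_LANGUAGE_KEY = re.compile(
    r"\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet\d{3}\\Control\\NLS\\Language$", re.I)
# Raw physical disk / optical drive device objects (\\.\PhysicalDrive0, \\.\CdRom0).
STORAGE_DEVICE = re.compile(r"^\\\\\.\\(PhysicalDrive|CdRom)\d+$", re.I)
# WerFault receives the crashing PID as "-p <pid>"; "-pss" must not match.
WERFAULT_TARGET = re.compile(r"(?<!\S)-p\s+(\d+)")


def werfault_target(cmdline):
    """PID that WerFault.exe was launched to report on, or None if absent."""
    m = WERFAULT_TARGET.search(cmdline)
    return int(m.group(1)) if m else None


def detect(events):
    """Map signature name -> list of IoC dicts, in the layout the report uses."""
    written = defaultdict(set)  # pid -> lower-cased paths that process wrote
    names = {}                  # pid -> image name, used to resolve pid_target
    crashed = set()             # targets already reported (the -pss instance names 3916 again)
    hits = defaultdict(list)
    for pid, image, kind, detail in events:
        names.setdefault(pid, image)
        if kind == "file_write":
            written[pid].add(detail.lower())
        elif kind == "dll_load" and detail.lower() in written[pid]:
            hits["Loads dropped DLL"].append({"pid": pid, "process": image, "dll": detail})
        elif kind == "file_open" and STORAGE_DEVICE.match(detail):
            hits["Enumerates physical storage devices"].append({"pid": pid, "device": detail})
        elif kind == "reg_open" and NLS_LANGUAGE_KEY.search(detail):
            hits["System Location Discovery: System Language Discovery"].append(
                {"description": "Key opened", "ioc": detail, "process": image})
        elif kind == "api_call" and detail.startswith("SetWindowsHookEx"):
            hits["Suspicious use of SetWindowsHookEx"].append({"pid": pid, "process": image})
        elif kind == "process_create" and image.lower() == "werfault.exe":
            target = werfault_target(detail)
            if target is not None and target not in crashed:
                crashed.add(target)
                hits["Program crash"].append(
                    {"pid": pid, "pid_target": target, "process_target": names.get(target)})
    return dict(hits)


def summary(hits):
    """One line per signature with its IoC count, e.g. 'Program crash 1 IoCs'."""
    return [f"{name} {len(iocs)} IoCs" for name, iocs in hits.items()]


if __name__ == "__main__":
    for line in summary(detect(EVENTS)):
        print(line)
```

The dropped-DLL rule keys on the writer's own PID, so a DLL dropped by one process and loaded by another is missed here; a production rule would keep a host-wide written-path set. The crash rule deliberately counts one IoC per crashed PID even though both WerFault instances in the tree reference 3916.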
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 5KB
MD5: c24568a3b0d7c8d7761e684eb77252b5
SHA1: 66db7f147cbc2309d8d78fdce54660041acbc60d
SHA256: e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d
SHA512: 5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Filesize: 13KB
MD5: bc58b916e22d2be2e5f1fe7108df133a
SHA1: 6b8c899e946e37e5c272bf09eebe51593f4a651e
SHA256: d287d15c333b18dc23377a03c6b3d95f0e8992ac2a05add56d5b82070eb8e658
SHA512: 9a209591f70c8d3544a03f8e429a5a2aa576c8a36c588aca2a29877f041815bb7fe46467ae44ab52acb087011fcda77d89b01eb0dbe478be4bc727cbe8085851

Filesize: 18KB
MD5: 113c5f02686d865bc9e8332350274fd1
SHA1: 4fa4414666f8091e327adb4d81a98a0d6e2e254a
SHA256: 0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d
SHA512: e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Filesize: 89KB
MD5: 217d4d87b8bebfc483d9e3c19eb78603
SHA1: c91f732f8f779a5eadcd8cd250e0d0bdaf2132ab
SHA256: a2db50d7d93c1f6556a6c1574a712e060099e14638626493ffa8385602606043
SHA512: 6ce02b74ee306cf7544c0d7b0e4ef9aefb7e029562d5388feb8b66c5490e57449a01ba6ea04202898ee5107d6afc779329c0b2ee26895c7d236c3edb0a91bf93

Filesize: 1KB
MD5: 87dd9e85b862bdaaa3638d7d80aa2fca
SHA1: b963cf0c3169c2048c8226a72ff61eac1527c20b
SHA256: b336a9e296635fa1ac9b2b4466edf72ed2640d519b4974893a8ab37dd5a248e4
SHA512: ae74800ae5c8e900fdeafd40f0ebd9eee2ffa1ea920ea8519efe0b39d666b4ea2e56456d4bdb0dec98b5ecc4b41bbed08a878122f941f210de3b9269f355fd3e

Filesize: 11KB
MD5: 80ff0bfbf6863ff8ee124dabd18de88c
SHA1: c95a73a22459131f9e7fdcad16b34e29b4088437
SHA256: 3668e66fa10df59db771ee6d81b8075a5e9bf591cced779bb146ff79e55c8e26
SHA512: 8261fda3f5b93d8c788d2ab4784b6e3eab398122647be10ef2819e64a19e181ec63c42b29cc07e96592fd305e7d58ab385fa09e93b52c715568fb6da1fd3e41e

Filesize: 23KB
MD5: f4d89d9a2a3e2f164aea3e93864905c9
SHA1: 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA256: 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512: dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2