Resubmissions

14-08-2024 14:24

240814-rqs6rs1hrq 7

14-08-2024 14:23

240814-rp8j3a1hpm 7

Analysis

  • max time kernel
    152s
  • max time network
    204s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14-08-2024 14:24

General

  • Target

    DTS Sound Unbound fissuré[RPAurdOOPm].exe

  • Size

    72.4MB

  • MD5

    aa839c4ce778f6c5b7ed3b7421d03c46

  • SHA1

    da3b42365aa4bc0187d07d923d27b8bf7c12383e

  • SHA256

    72edf2df847b2ef47a4c048f9fa0cd6acf18065d6ee62959628afe9d92d6e384

  • SHA512

    7e8c05dcebada0996ea4427d21d09fe2a9eba98302a7485092bad84a1c9107255f497b2b1aaf355abb9568af1fee2af1e8a5ba52371b49d109588360f561a453

  • SSDEEP

    1572864:iWLpl4l5haDKqT6KOipjnvSyPlvWs9ucbVYhNeS4/FO+3JVl7NwHzLtfTXrV:hlle5xKOiJSyPlvKmS4Z3/l7uHzL9T7V

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DTS Sound Unbound fissuré[RPAurdOOPm].exe
    "C:\Users\Admin\AppData\Local\Temp\DTS Sound Unbound fissuré[RPAurdOOPm].exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3916
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 2468
      2⤵
      • Program crash
      PID:3712
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3916 -ip 3916
    1⤵
      PID:5004

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp\ButtonEvent.dll

      Filesize

      5KB

      MD5

      c24568a3b0d7c8d7761e684eb77252b5

      SHA1

      66db7f147cbc2309d8d78fdce54660041acbc60d

      SHA256

      e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

      SHA512

      5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

    • C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp\System.dll

      Filesize

      13KB

      MD5

      bc58b916e22d2be2e5f1fe7108df133a

      SHA1

      6b8c899e946e37e5c272bf09eebe51593f4a651e

      SHA256

      d287d15c333b18dc23377a03c6b3d95f0e8992ac2a05add56d5b82070eb8e658

      SHA512

      9a209591f70c8d3544a03f8e429a5a2aa576c8a36c588aca2a29877f041815bb7fe46467ae44ab52acb087011fcda77d89b01eb0dbe478be4bc727cbe8085851

    • C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp\UAC.dll

      Filesize

      18KB

      MD5

      113c5f02686d865bc9e8332350274fd1

      SHA1

      4fa4414666f8091e327adb4d81a98a0d6e2e254a

      SHA256

      0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

      SHA512

      e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

    • C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp\WebBrowser.dll

      Filesize

      89KB

      MD5

      217d4d87b8bebfc483d9e3c19eb78603

      SHA1

      c91f732f8f779a5eadcd8cd250e0d0bdaf2132ab

      SHA256

      a2db50d7d93c1f6556a6c1574a712e060099e14638626493ffa8385602606043

      SHA512

      6ce02b74ee306cf7544c0d7b0e4ef9aefb7e029562d5388feb8b66c5490e57449a01ba6ea04202898ee5107d6afc779329c0b2ee26895c7d236c3edb0a91bf93

    • C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp\index.html

      Filesize

      1KB

      MD5

      87dd9e85b862bdaaa3638d7d80aa2fca

      SHA1

      b963cf0c3169c2048c8226a72ff61eac1527c20b

      SHA256

      b336a9e296635fa1ac9b2b4466edf72ed2640d519b4974893a8ab37dd5a248e4

      SHA512

      ae74800ae5c8e900fdeafd40f0ebd9eee2ffa1ea920ea8519efe0b39d666b4ea2e56456d4bdb0dec98b5ecc4b41bbed08a878122f941f210de3b9269f355fd3e

    • C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp\nsDialogs.dll

      Filesize

      11KB

      MD5

      80ff0bfbf6863ff8ee124dabd18de88c

      SHA1

      c95a73a22459131f9e7fdcad16b34e29b4088437

      SHA256

      3668e66fa10df59db771ee6d81b8075a5e9bf591cced779bb146ff79e55c8e26

      SHA512

      8261fda3f5b93d8c788d2ab4784b6e3eab398122647be10ef2819e64a19e181ec63c42b29cc07e96592fd305e7d58ab385fa09e93b52c715568fb6da1fd3e41e

    • C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp\nsJSON.dll

      Filesize

      23KB

      MD5

      f4d89d9a2a3e2f164aea3e93864905c9

      SHA1

      4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

      SHA256

      64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

      SHA512

      dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2
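
The checks below are an added example, not code from Triage or from the analysed sample. They turn the Signatures and Downloads sections into something a responder can run: the six SHA256 values of the DLLs written to nsg95BA.tmp are copied from the Downloads list, the "Loads dropped DLL" heuristic is reproduced over a small event log, and the crashing PID is pulled out of the two WerFault.exe command lines shown under Processes. The event records (pid, ppid, op, path) and the kernel32.dll/faultrep.dll loads are constructed for the example; the schema is an assumption, not Triage's export format. Two caveats from the report itself: the nsXXXX.tmp directory and the plugin names (System.dll, nsDialogs.dll, nsJSON.dll, UAC.dll) are the usual layout of an NSIS installer, so dropping and loading these DLLs is ordinary installer behaviour rather than evidence of malice on its own, and the sample crashed (WerFault on PID 3916), so the dynamic run may not have reached whatever the installer does after its dialogs.

```python
"""Triage helpers for the sandbox report above (added example, not Triage's code).

  1. match a file's digests against the dropped-DLL IoCs under Downloads;
  2. reproduce "Loads dropped DLL": an image load from a path that the same
     process, or one of its ancestors, wrote earlier in the run;
  3. recover the crashing PID from a WerFault.exe command line (-p <pid>),
     so the crash is attributed to the sample and not to WerFault itself.
Event records are constructed to mirror the Processes/Downloads sections; the
{pid, ppid, op, path} schema is an assumption, not Triage's export format.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Optional

# SHA256 of the six DLLs written to %TEMP%\nsg95BA.tmp, copied from the Downloads section.
DROPPED_DLL_SHA256: Dict[str, str] = {
    "e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d": "ButtonEvent.dll",
    "d287d15c333b18dc23377a03c6b3d95f0e8992ac2a05add56d5b82070eb8e658": "System.dll",
    "0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d": "UAC.dll",
    "a2db50d7d93c1f6556a6c1574a712e060099e14638626493ffa8385602606043": "WebBrowser.dll",
    "3668e66fa10df59db771ee6d81b8075a5e9bf591cced779bb146ff79e55c8e26": "nsDialogs.dll",
    "64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb": "nsJSON.dll",
}

TEMP = r"C:\Users\Admin\AppData\Local\Temp\nsg95BA.tmp"

# Constructed event log: PID 3916 is the sample, PID 3712 its WerFault child (see Processes).
SAMPLE_EVENTS = [
    {"pid": 3916, "ppid": 1, "op": "write", "path": TEMP + r"\System.dll"},
    {"pid": 3916, "ppid": 1, "op": "write", "path": TEMP + r"\nsDialogs.dll"},
    {"pid": 3916, "ppid": 1, "op": "write", "path": TEMP + r"\UAC.dll"},
    {"pid": 3916, "ppid": 1, "op": "load", "path": r"C:\Windows\SysWOW64\kernel32.dll"},
    {"pid": 3916, "ppid": 1, "op": "load", "path": TEMP + r"\system.dll"},   # case differs
    {"pid": 3916, "ppid": 1, "op": "load", "path": TEMP + r"\nsDialogs.dll"},
    {"pid": 3712, "ppid": 3916, "op": "load", "path": r"C:\Windows\SysWOW64\faultrep.dll"},
    {"pid": 3712, "ppid": 3916, "op": "load", "path": TEMP + r"\UAC.dll"},   # dropped by parent
]


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, so a local file can be compared field by field."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_dropped_dll(data: bytes) -> Optional[str]:
    """Return the dropped-file name whose SHA256 matches `data`, or None."""
    return DROPPED_DLL_SHA256.get(file_hashes(data)["sha256"])


def loads_of_dropped_dlls(events: Iterable[dict]) -> List[dict]:
    """Flag 'load' events whose path was written earlier by the loader or one of its ancestors.

    Paths are compared case-insensitively, as NTFS resolves them by default, so a
    loader that spells the name differently from the writer is still caught.
    """
    written_by: Dict[str, int] = {}   # lowercased path -> pid that wrote it
    parent: Dict[int, int] = {}       # pid -> ppid, learned from the events themselves
    flagged: List[dict] = []
    for ev in events:
        parent[ev["pid"]] = ev.get("ppid", 0)
        key = ev["path"].lower()
        if ev["op"] == "write":
            written_by[key] = ev["pid"]
        elif ev["op"] == "load" and key in written_by:
            writer = written_by[key]
            pid = ev["pid"]
            while pid:                  # walk up the tree until the writer or the root
                if pid == writer:
                    flagged.append(ev)
                    break
                pid = parent.get(pid, 0)
    return flagged


# "-p <pid>" names the faulting process; "-pss" and "-ip" must not match, so require
# whitespace on both sides of the switch.
_WERFAULT_PID = re.compile(r"(?i)werfault\.exe.*?\s-p\s+(\d+)")


def werfault_crashed_pid(cmdline: str) -> Optional[int]:
    """Return the PID WerFault.exe was launched to report on, or None for other commands."""
    m = _WERFAULT_PID.search(cmdline)
    return int(m.group(1)) if m else None


def report_findings() -> Dict[str, object]:
    """Run the checks over the constructed events; returns a summary for stand-alone use."""
    dropped_loads = loads_of_dropped_dlls(SAMPLE_EVENTS)
    return {
        "dropped_dll_loads": [(e["pid"], e["path"]) for e in dropped_loads],
        "crashed_pid": werfault_crashed_pid(
            r"C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 2468"),
    }


if __name__ == "__main__":
    for k, v in report_findings().items():
        print(k, v)
```

To compare an endpoint artefact against the report, read the file in binary and pass the bytes to `match_dropped_dll`; a hit on SHA256 is meaningful, a hit on MD5 alone is not, since MD5 collisions are cheap to produce. The hook-based detection in `loads_of_dropped_dlls` deliberately ignores who wrote the file when the writer is outside the loader's ancestry, which is what keeps it from firing on every DLL an installer copies into Program Files for a later, unrelated process.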