18d3ee5ecf45fc7d523089fbe3a942feff27e45fd0022b3cfd7a2d1c09a74cf1

Analysis

max time kernel
139s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wineim_6_setup.exe
Size

4.1MB
MD5

d6d46c23c735a4cacb2ac43fae0d49ee
SHA1

4b239b8ca961f317a88416e77b0b8f9efdef1544
SHA256

2f8cafb50226940e73408e69720ca901ebd60239c0c8f3f9a70aa1e074323560
SHA512

76f7cdfef303729dbb48f17a15825543f163af2ae57157eca3be35f3669057a8bca64ab514ae8bf68c5dc258d14c78204277f9e7083d1ebd529a844b7054f0f5
SSDEEP

98304:50oamX0kLjCznIrnDwZmuBKCi8zM5HFsZ3SaHdqbtqymy0H:507mX0k/CzIrDsmFpXHFsEaOtMR

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4772	wineim_6_setup.exe
4772	wineim_6_setup.exe
4772	wineim_6_setup.exe
4772	wineim_6_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wineim_6_setup.exe

C:\Users\Admin\AppData\Local\Temp\wineim_6_setup.exe
"C:\Users\Admin\AppData\Local\Temp\wineim_6_setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstA913.tmp\Banner.dll

Filesize
3KB

MD5
043f3f323088d2f10ac942ef6f393a7d

SHA1
56ae6d5e477b879b85222c35f64ac0eea3f67549

SHA256
de59f8df95ca5d886324927b23b2c4de3baf828fa6a2fb18d7e266f99569c312

SHA512
ba5434d058bc2c031ab5b84e45168f7365d8863b662db0cced1ec2e5912b7ba6f7641a3f09632a1756ddf1880af13138c06de68176a1d408d4abd2acec3d07d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA913.tmp\InstallOptions.dll

Filesize
12KB

MD5
b3ebe1cb6bdd529302c121dd4e2e0d00

SHA1
305f022e7e3ef0ae6cdc5f18bd6adc3032f64304

SHA256
5a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2

SHA512
6f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA913.tmp\Splash.dll

Filesize
4KB

MD5
281a695d64d136356ebf3c359d487cc4

SHA1
bdd621c9e92f7616d86fa58e4c89592c7ad2f856

SHA256
bacb0cfab8aa26a7123e3dd0df5d538bde48047099e884464ae6e91e170bb9d6

SHA512
9b6d4531e39c5dceec9ede506908341e1957047ebf7bdd7eb39e5d782e0c85f63c8fd16a41f519127077d14eaa7cc87fd043aa0fe886d04be0eafc61abfb9075

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA913.tmp\ioSpecial.ini

Filesize
684B

MD5
f1daaa884e1ce82045bc39778c57f054

SHA1
38e033758d17aa4c5fe8446004324b2f0537f40e

SHA256
72c6e89a236c26509156d4618efd2a22db454f8e0a1066ad652e3ea487272af2

SHA512
acbf06cd30ad79db9bee8178716d2a20351ae7edf56d1285db7d4dbb04d6ede7ab178823c782da4f05600b40c1b4ee787b29c3e0b182f12f103c7f66cfeb5714

Download Submit