28411261cb3f27081f910190d1c7742fb805185430af10131d5b39fd2e39c832

Analysis

max time kernel
141s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

emule.exe
Size

5.5MB
MD5

f3f709c2d49dd6636f4ede5c2cae5448
SHA1

8e0ea03e4c38199e10a2bc12db8b2df70484111d
SHA256

06cdf814387f627a4bd05a0c68211f715bfa952423e8e8a462e1f47c11a4d20e
SHA512

7a0df912b5ddc149d770260a2e1a3f55e58ac2e9ef02883e8baa08e79261075b82955bc8e57641bb2c16983abcada2581850fafc11b92a133605127bda80513e
SSDEEP

49152:/BGoXbyOj8LePLHcPPLRCAnyOTxP9DzE4GEATLHYiipKXePi9Wxmw7b4ZC1VTWS3:rEWLHcPFCv745ATLHY1kO6g0w7b0XiG

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	emule.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\shell\open	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\emule.exe\" \"%1\""	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\emule.exe"	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\URL Protocol	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\shell\open\command	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\shell	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\DefaultIcon	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\ed2k\ = "URL: ed2k Protocol"	emule.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3712	emule.exe
3712	emule.exe
3712	emule.exe
3712	emule.exe
3712	emule.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3712	emule.exe
3712	emule.exe
3712	emule.exe
3712	emule.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3712	emule.exe
3712	emule.exe
3712	emule.exe
3712	emule.exe

C:\Users\Admin\AppData\Local\Temp\emule.exe
"C:\Users\Admin\AppData\Local\Temp\emule.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\eMule\config\preferences.ini

Filesize
26B

MD5
ec0280f3f439c6febb6b49883c5c100e

SHA1
642fe5a3945184440c48368e92c0d6be4c195326

SHA256
f124bff0c7833f05418d9980d994152346329d8ca56d080840859aca3a78f151

SHA512
cb5e24ed70c9228eeb0028be1ed1cd69c1bc7961f203290a6fa9b0f55780167ca4d989ce09a2f654504da5bcc9e4ce79ea4f5121680a62fb65bcf929f109f5fc

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
6a0731d6da970ae08633dce4df2e4f73

SHA1
89eb8d857f0e6be558c33367e7ee8b766d56f499

SHA256
7648585d745d406889a79d1ca5642dd64c0a563b4ed83f8a26144f0478832bb2

SHA512
6e2df53aa44d14d0234de4fe68e7efbb337002ec4d99f9d529a30e1111c1219a923617f27fea0602b663a23fcd85d5145fed3869ac9f34d98c5a77fb4e01bb34

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
c80fc52035a56237346779404837b3d3

SHA1
7b4c039394ed592bc3d010d140d34084faf64cc2

SHA256
3f959d50e42c2fce34ecf6eda1d654579b81284b23b1bdad141892f6a2dafc78

SHA512
8abb4341e298828d0172d3acd5ebda8604431e17219d4aea194415d6e68012f7f32087a292477aac2d46fa5153b813a4971850cbb7717315e97f88b638e84579

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
0afd7dc11a5bbd20b4ac1a95c38ed3b9

SHA1
4e951590e701052d9f056ffdf385930286f3c1da

SHA256
7a249ed5b8bbc9300d624c4c3cf5c282c44ebaa8ca0420b1f3fdb85c75421819

SHA512
b756c9e8a0adca6a94fb95e511699447c0a635bc4c7b2973ce8bb14731760e2aac850feb6c0dce24d8ac45350d1a8629e619b74147b7364c3f2e4e5ea3103125

Download Submit