Analysis

  • max time kernel
    120s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 00:32

General

  • Target

    NERO55/NERO/WAVEEDITOR/RECORDING.dll

  • Size

    296KB

  • MD5

    cda44e7f1e42d2d8090722b0f97c8849

  • SHA1

    4797eb94cc7d65eb6fee82a572abcfd8ecd8dedc

  • SHA256

    1cfcaa2e4aee8cbb773a71c986df140145d492b76b5521ac7be8167350ccbd57

  • SHA512

    e5cc1118f986bfa057f66d59b5ac44d4ddfc59667f9eefc8da3b689ef573652287ab46f1ff4c7e0f482b43fd13efe55358bcc9000ad65b6dbdb028c9dee38182

  • SSDEEP

    6144:Pl5oZ5EDLVkoIBBRxLuo2dCnI1+DGkOtl:N+Z5hHnx12wI1T

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NERO55\NERO\WAVEEDITOR\RECORDING.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\NERO55\NERO\WAVEEDITOR\RECORDING.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads