67926e45822c5211691f2c32d10dcb10daf123a746a72e3ed906b6eec3e0bead

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd-ripper.exe
Size

2.7MB
MD5

acc7954f96ae5d7a46fb1fbc2971de81
SHA1

c044ba73987d7b8b85104b9ab1f8169ea8b0f320
SHA256

b6c482fb1d2193a206b5701571979c6700181b52918c3b430dbdc4ce6c6b7124
SHA512

f6a565433c6caa70ecee71ca681e655bc169b2dbba5d8016dfbfc05ddce1dbbfd3070a20a6f35b3d9868ac9260b4c8e7f05382a5af3ea426b7d1b1bb54186e8b
SSDEEP

49152:N5n9TgQ/Eni+eKMCS9sA86gbuP2id8dDHLqzjjer0nx9rwIXq2FpppVp9MvvZ:HiQ/+i+eKMsAnOJ/qzjaAPwIaOpp7q

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2152	cd-ripper.exe
2152	cd-ripper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cd-ripper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2152	cd-ripper.exe

C:\Users\Admin\AppData\Local\Temp\cd-ripper.exe
"C:\Users\Admin\AppData\Local\Temp\cd-ripper.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nso2944.tmp\LangDLL.dll

Filesize
4KB

MD5
68a2bc20e9033d7d592c0e3db9b1c9a7

SHA1
48f32201f29d897164f4328b3358cca659262597

SHA256
7b5874ea96afe034b0d8a529ced3e97e12d712e9d1d2cb591b82bbce59105db3

SHA512
52283afd58e88b43364c99652cb3d94e8f59dba223aa3c2f5a858e6baf108bfcf99283a7e1f09728bf293f255077620b9a025bbf3ac09d4b22c7b37ea023e648

Download Submit
\Users\Admin\AppData\Local\Temp\nso2944.tmp\System.dll

Filesize
9KB

MD5
f3f4da651834fa4044ac1f0b52e23648

SHA1
868e93b5a840f21acb37eae4f934fa3cdf49412e

SHA256
0666031824869382068c7930620a3047e8df762c348d121d03c257efda2b2ee9

SHA512
10c0d78f0888ab2b5877b25eaded6a645458470573b5fdbe7bdd7dff7d01cf00827fcf0cab80d24ef8e3ddda444fa92c29e8e59f68ee6f4213d4d56d54dc228a

Download Submit