Overview
overview
7Static
static
7cd-ripper.exe
windows7-x64
7cd-ripper.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3MACDll.dll
windows7-x64
3MACDll.dll
windows10-2004-x64
3MP2enc.dll
windows7-x64
3MP2enc.dll
windows10-2004-x64
3Plugins/in_APE.dll
windows7-x64
3Plugins/in_APE.dll
windows10-2004-x64
3Plugins/in_faad.dll
windows7-x64
3Plugins/in_faad.dll
windows10-2004-x64
3Plugins/in_flac.dll
windows7-x64
3Plugins/in_flac.dll
windows10-2004-x64
3Plugins/in_mad.dll
windows7-x64
3Plugins/in_mad.dll
windows10-2004-x64
3Plugins/in_mod.dll
windows7-x64
3Plugins/in_mod.dll
windows10-2004-x64
3Plugins/in_mp3.dll
windows7-x64
3Plugins/in_mp3.dll
windows10-2004-x64
3Plugins/in_vorbis.dll
windows7-x64
3Plugins/in_vorbis.dll
windows10-2004-x64
3Plugins/in_vqf.dll
windows7-x64
3Plugins/in_vqf.dll
windows10-2004-x64
3Plugins/tvqdec.dll
windows7-x64
3Plugins/tvqdec.dll
windows10-2004-x64
3Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
22/08/2024, 03:19
Behavioral task
behavioral1
Sample
cd-ripper.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
cd-ripper.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
MACDll.dll
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
MACDll.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
MP2enc.dll
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
MP2enc.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Plugins/in_APE.dll
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
Plugins/in_APE.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Plugins/in_faad.dll
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
Plugins/in_faad.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Plugins/in_flac.dll
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
Plugins/in_flac.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
Plugins/in_mad.dll
Resource
win7-20240705-en
Behavioral task
behavioral22
Sample
Plugins/in_mad.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
Plugins/in_mod.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
Plugins/in_mod.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
Plugins/in_mp3.dll
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
Plugins/in_mp3.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Plugins/in_vorbis.dll
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
Plugins/in_vorbis.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Plugins/in_vqf.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
Plugins/in_vqf.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
Plugins/tvqdec.dll
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
Plugins/tvqdec.dll
Resource
win10v2004-20240802-en
General
-
Target
cd-ripper.exe
-
Size
2.7MB
-
MD5
acc7954f96ae5d7a46fb1fbc2971de81
-
SHA1
c044ba73987d7b8b85104b9ab1f8169ea8b0f320
-
SHA256
b6c482fb1d2193a206b5701571979c6700181b52918c3b430dbdc4ce6c6b7124
-
SHA512
f6a565433c6caa70ecee71ca681e655bc169b2dbba5d8016dfbfc05ddce1dbbfd3070a20a6f35b3d9868ac9260b4c8e7f05382a5af3ea426b7d1b1bb54186e8b
-
SSDEEP
49152:N5n9TgQ/Eni+eKMCS9sA86gbuP2id8dDHLqzjjer0nx9rwIXq2FpppVp9MvvZ:HiQ/+i+eKMsAnOJ/qzjaAPwIaOpp7q
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid Process 2152 cd-ripper.exe 2152 cd-ripper.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cd-ripper.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2152 cd-ripper.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD568a2bc20e9033d7d592c0e3db9b1c9a7
SHA148f32201f29d897164f4328b3358cca659262597
SHA2567b5874ea96afe034b0d8a529ced3e97e12d712e9d1d2cb591b82bbce59105db3
SHA51252283afd58e88b43364c99652cb3d94e8f59dba223aa3c2f5a858e6baf108bfcf99283a7e1f09728bf293f255077620b9a025bbf3ac09d4b22c7b37ea023e648
-
Filesize
9KB
MD5f3f4da651834fa4044ac1f0b52e23648
SHA1868e93b5a840f21acb37eae4f934fa3cdf49412e
SHA2560666031824869382068c7930620a3047e8df762c348d121d03c257efda2b2ee9
SHA51210c0d78f0888ab2b5877b25eaded6a645458470573b5fdbe7bdd7dff7d01cf00827fcf0cab80d24ef8e3ddda444fa92c29e8e59f68ee6f4213d4d56d54dc228a