28c544ad28dbd0a7456a5008eadb82a62ddbc235a0ddf03bba87cdc49a8f3836

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kuwo-v1.2.16/kuwo1216.exe
Size

1.4MB
MD5

37c78d8c15d5c670355f83f45fbe1d93
SHA1

7c8bff302200de53a52febf2f08bdd9d07a55e13
SHA256

b64dd866096296f6d8c655dafb14eab548a56ecaed3c6df04dc254bcf5f01ac4
SHA512

f9a4a87078cdd1ef51dc0ff6b0548614da576b3fdfba5d752c29841905d7843af3d33d9b975ec076e92a77d85fbb779654271f53d123b213937862893031a6d9
SSDEEP

24576:BxFtr+GNlg5rG0yAnHl9j9FULk+xzBD/Q/WKo/lastIei3Y/Lb:BV6GirNyMl9j96k+U/WKo0LeoYP

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2632	kuwo1216.exe
2632	kuwo1216.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kuwo1216.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2632	kuwo1216.exe

C:\Users\Admin\AppData\Local\Temp\kuwo-v1.2.16\kuwo1216.exe
"C:\Users\Admin\AppData\Local\Temp\kuwo-v1.2.16\kuwo1216.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
8f52a9ef3560a691b21ceba516d4be0b

SHA1
4caccff6d4640662456b6573dc7f2210945a0d25

SHA256
88d106dc07a1e27240603b18ff341eb4aa98ea89e52549f8c1e02c1f0d94bcd1

SHA512
6364ce682d13f4567c2e03450b1f07fd6327773e87ab190b0881d135185b208ad38f1e74b70ae65e14b2920c5482dffbc533e6df6a075fa7f844b10e0f6b4eaf

Download Submit