f57c1ea32aeca71a26d25590f275de29d3c3072869da02111a76035307c30bb6

Analysis

max time kernel
140s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mod_sa for CM.v4.3.1.3.SA-MP.v0.3e.Setup(eng).exe
Size

729KB
MD5

19b0377c359dc2ca1cb1f81465a72585
SHA1

8bf20592025291567b35700d29578da6a3734439
SHA256

6244a72779d2c3619b95292a881837876288697b64c7bcd0571acdde28d153b2
SHA512

9f9890b6053d1eaabefbc2af39ec19b3802d1178459442d9b5104410ce5375a613aee112c08b1e3ca0b342a28226be5c067215eaca0b44c5aecb1692fed1c7f3
SSDEEP

12288:er/6zp1WktZNeCjEkn65ZzxT4AJa44/lseFlKZpWyt4Noyqwug2aRA0+fKU1dJpB:mGp1f9ew3uVqAJarHTA5coy7tmPbdJOq

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2688	mod_sa for CM.v4.3.1.3.SA-MP.v0.3e.Setup(eng).exe
2688	mod_sa for CM.v4.3.1.3.SA-MP.v0.3e.Setup(eng).exe
2688	mod_sa for CM.v4.3.1.3.SA-MP.v0.3e.Setup(eng).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mod_sa for CM.v4.3.1.3.SA-MP.v0.3e.Setup(eng).exe

C:\Users\Admin\AppData\Local\Temp\mod_sa for CM.v4.3.1.3.SA-MP.v0.3e.Setup(eng).exe
"C:\Users\Admin\AppData\Local\Temp\mod_sa for CM.v4.3.1.3.SA-MP.v0.3e.Setup(eng).exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nse60C8.tmp\System.dll

Filesize
10KB

MD5
4c0c6163b636f627e0d505deda672c90

SHA1
2eae4e6f00673a03ae2434f1b22dc9218e4761a8

SHA256
bea71368433f91e32c597db990089ecb7599879f76a64f7f3446489578b2d5fb

SHA512
e817ad35f0e89ecce9d73add641d9eab95de6c6c30153e594673c8e0243e738a31dfb872cc76a8d51bc513775fc1dabc9adb65019298048539d6c3aa7d33e2ef

Download Submit
\Users\Admin\AppData\Local\Temp\nse60C8.tmp\bassmod.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
\Users\Admin\AppData\Local\Temp\nse60C8.tmp\brandingurl.dll

Filesize
3KB

MD5
028857ee4bf29e5379b19027df010071

SHA1
8cba90942b3ea405f70e4ae899bb08f7b58dfe70

SHA256
798ce85390508959953b55d966ee3ad8fae938cb107233876566a5823d339a66

SHA512
e08d91f53039a1ec0c768a873b91901cae3fa7b91f368157c3adca12cb439b627e9d4558b49d747ef7fe6250a51693183ca29422603bf102bee05aa410539b8c

Download Submit
memory/2688-24-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-26-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-19-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-20-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-21-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-22-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-23-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-10-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-25-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-11-0x0000000000632000-0x0000000000633000-memory.dmp

Filesize
4KB

Download
memory/2688-27-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-28-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-29-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-30-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-31-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-32-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download
memory/2688-33-0x0000000000620000-0x0000000000633000-memory.dmp

Filesize
76KB

Download