Analysis

  • max time kernel: 121s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 29/08/2024, 02:09

General

  • Target: ezmsetup.exe
  • Size: 1.4MB
  • MD5: 81d0ef502e45826a03b689201d6e9c90
  • SHA1: 591cd20947aad97c34ad277d744e2708ea3cb1a4
  • SHA256: d492da1c5b6d451174de346d8f21edc23fbce3d37d0174b236697d9053451abe
  • SHA512: e77fd0e40678c8ddd3384c59be2300cf94b45842a1354d0fb0661ba4545d6e7655538e173b58f53ab44757651454bb100fd949adb3b5449b3506a2b57b4f4c35
  • SSDEEP: 24576:UC99h7sFCGEBKBS3tqi5psq1zKzTqXOjJUZOiRTcTAfZKNhT+L0/AEO6YUqE:UCBskpUkpsq1KzTriRQzNhVL1j

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ezmsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ezmsetup.exe"
    PID: 2392
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy8D34.tmp\ioSpecial.ini
    Filesize: 708B
    MD5: 0c6c480362a1d91f3cc8c1cefe38a4bc
    SHA1: cc71bfa52b738fc93dfedbd2ba66b76105697b7a
    SHA256: 9a151c3b805a03a75baad0fa28d66f7338ffa92768dc383d640bd02e56afbc87
    SHA512: 318a6b1fd86aa1d9d083a007a91e811de6fbb71c96606698876b408da8055e87bb454cd0f5bf862c5bf6d8d5ac4aa638e19199bd4477ccad9dc37cb827ac2d76

  • \Users\Admin\AppData\Local\Temp\nsy8D34.tmp\InstallOptions.dll
    Filesize: 12KB
    MD5: f407939127208a009b9a825cb77ed3c7
    SHA1: 051d7fccf3fb544acaa8ab6be590bb4bc79cef82
    SHA256: 191fab998e58b66a2416873b06062166b547eb3ba06b1326a4a785a566aaf76d
    SHA512: d45d08823ac7667f071b21d238b7fda43115db3195a442cb17d880d147e8a930374403c970afc31f676f01a83fb9c63e3be047de7e16718a08a1fdbe4b690901

  • \Users\Admin\AppData\Local\Temp\nsy8D34.tmp\LangDLL.dll
    Filesize: 5KB
    MD5: c3cc2c281cb7c75ee8109bea13fc3880
    SHA1: e7242cf294dd9f75ac3019c60885f2ee80d4263b
    SHA256: 0dd77f65cc2ce16ecb32ecbfe2da424dcf42909d3b8ccf8678ccfdc04f62f667
    SHA512: 0626fba394f39d7e485f3bfccfc0bfed0ce0b925d8d1b7189540aba5999b5ce75733a30b42179fc2a0f7c09db32a21d8e7cb27ce3d81f6e9a09e9df9d1f37aba