25163fdcf3c723cf4c8b987cc02bda9883d3227d528591ce6e4b8bd3576d06d6

Analysis

max time kernel
78s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ezmsetup.exe
Size

1.4MB
MD5

81d0ef502e45826a03b689201d6e9c90
SHA1

591cd20947aad97c34ad277d744e2708ea3cb1a4
SHA256

d492da1c5b6d451174de346d8f21edc23fbce3d37d0174b236697d9053451abe
SHA512

e77fd0e40678c8ddd3384c59be2300cf94b45842a1354d0fb0661ba4545d6e7655538e173b58f53ab44757651454bb100fd949adb3b5449b3506a2b57b4f4c35
SSDEEP

24576:UC99h7sFCGEBKBS3tqi5psq1zKzTqXOjJUZOiRTcTAfZKNhT+L0/AEO6YUqE:UCBskpUkpsq1KzTriRQzNhVL1j

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3048	ezmsetup.exe
3048	ezmsetup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ezmsetup.exe

C:\Users\Admin\AppData\Local\Temp\ezmsetup.exe
"C:\Users\Admin\AppData\Local\Temp\ezmsetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsaD340.tmp\InstallOptions.dll

Filesize
12KB

MD5
f407939127208a009b9a825cb77ed3c7

SHA1
051d7fccf3fb544acaa8ab6be590bb4bc79cef82

SHA256
191fab998e58b66a2416873b06062166b547eb3ba06b1326a4a785a566aaf76d

SHA512
d45d08823ac7667f071b21d238b7fda43115db3195a442cb17d880d147e8a930374403c970afc31f676f01a83fb9c63e3be047de7e16718a08a1fdbe4b690901

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaD340.tmp\LangDLL.dll

Filesize
5KB

MD5
c3cc2c281cb7c75ee8109bea13fc3880

SHA1
e7242cf294dd9f75ac3019c60885f2ee80d4263b

SHA256
0dd77f65cc2ce16ecb32ecbfe2da424dcf42909d3b8ccf8678ccfdc04f62f667

SHA512
0626fba394f39d7e485f3bfccfc0bfed0ce0b925d8d1b7189540aba5999b5ce75733a30b42179fc2a0f7c09db32a21d8e7cb27ce3d81f6e9a09e9df9d1f37aba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaD340.tmp\ioSpecial.ini

Filesize
708B

MD5
8d772b100dfee175774dbadee251d2e6

SHA1
e1d1040ec45f9412cc15da856e6adf77fb50cf42

SHA256
84c637db53bec412561806f0155909f07c5ec81e62b245c6b8ecadf03a1bfbff

SHA512
16dc47c30734b7f1227e7da3eea76e47e1bebd84b4aaf19b64b037a30572263a0321fbb0c668fbd9a97d5f3a5b1b12064989d25a74a9ab7c03bb8fce0464c62f

Download Submit