db8d8c8bd4c8fe9b03c5ea364d5fff74caf4ff1e820998e27d70f899b869e3cb

Analysis

max time kernel
103s
max time network
22s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UbisoftConnectInstaller.exe
Size

217.0MB
MD5

aad1aba5a12b9a4db05fd83f4c55ce04
SHA1

541aad7f21c36b236cd7ed4686b18ef9998cc63a
SHA256

db8d8c8bd4c8fe9b03c5ea364d5fff74caf4ff1e820998e27d70f899b869e3cb
SHA512

f4ea88a5e1c02c43465382a8dd13bddf48ad40cffe599d77912213b81bd384e212042ad69abe074308f5fc9269ff2583c33500594ca4ba6a30a6363de766bf3c
SSDEEP

3145728:nzZ3u8v4b78uROXJ7L6WZErguwoWZiKSso+DdniQdSwx6uJWEFyJdS14kdjMcfI7:nz84V71L6WwsoWgKSMcnEF17jPQmJInJ

Score

4^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3052	UbisoftConnectInstaller.exe
3052	UbisoftConnectInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UbisoftConnectInstaller.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3052	UbisoftConnectInstaller.exe

C:\Users\Admin\AppData\Local\Temp\UbisoftConnectInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\UbisoftConnectInstaller.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nseE3BB.tmp\LangDLL.dll

Filesize
5KB

MD5
109b201717ab5ef9b5628a9f3efef36f

SHA1
98db1f0cc5f110438a02015b722778af84d50ea7

SHA256
20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319

SHA512
174e241863294c12d0705c9d2de92f177eb8f3d91125b183d8d4899c89b9a202a4c7a81e0a541029a4e52513eee98029196a4c3b8663b479e69116347e5de5b4

Download Submit
\Users\Admin\AppData\Local\Temp\nseE3BB.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit