e1d2362f0bf622de97c99833516fa7c50ebce8bc6e824a7a3dedd3f8b487c679

Resubmissions

01/09/2024, 14:15

240901-rkpldssgrl 7

Analysis

max time kernel
240s
max time network
286s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01/09/2024, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrap Studio 6.7.3 x64_SoftoRooM/Crack/keygen.exe
Size

151KB
MD5

0dffe0144c0b3dc03732ea25e173679d
SHA1

2bf591f69977bbd7937a3e0e9639180a1a626cd3
SHA256

9a6034593d47e6acc583dfcfeb439851d90153445ef6f7ac6a9f575c057e4e34
SHA512

68f78167700a97fed48a99db10b496b1a52a8d11cc13f60c7c7eab0fa3d2205cfeaeda4aa38e3a9d1d5dbe788256639b1533e039930d3f395f14f48b7dc81791
SSDEEP

3072:AC3xr5YPdvE7Tgof+DLo+djcQHiZyf/sifj5fiTpQQNP:AC3lEd87Tg/0+mQHoEsaJhQ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1480	keygen.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keygen.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4288	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4288	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\Bootstrap Studio 6.7.3 x64_SoftoRooM\Crack\keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrap Studio 6.7.3 x64_SoftoRooM\Crack\keygen.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
memory/1480-27-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-49-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-7-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-6-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-9-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-13-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-21-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-29-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-5-0x00000000008D0000-0x00000000008FD000-memory.dmp

Filesize
180KB

Download
memory/1480-25-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-23-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-31-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-33-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-35-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-37-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-39-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-41-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-43-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-45-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-47-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-3-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-51-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-52-0x00000000008D0000-0x00000000008FD000-memory.dmp

Filesize
180KB

Download