b572b5796a4d51d7f132d3a2e44ce55bc29829de76a7640d99ec098b3f8aff25

Resubmissions

02/09/2024, 10:22

240902-mebp5aygke 3

02/09/2024, 10:07

240902-l5mdwayeqg 6

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Touhou PC98 Collection/GAMES/np21nt.exe
Size

940KB
MD5

51856b0f00af5a79274d8f5e323f1578
SHA1

b8c5de85e1294d48bc8c5704282242c6541f6990
SHA256

246305b0e4b91726b4114b94c3639cc63eaf63159ddca392bde862fb2c1ed191
SHA512

d22bcf6e18cdf151c2416ee9897821d1584d337944af4082426ba54c0630a265443e7549c44b8d569ebdef315fa5a9110a46bf9fa2a687b40dce1434de853d12
SSDEEP

12288:caAkz/OSxhjzV+IJndFHPYzXWBGasz1GOEQZ5oTAdyXaCE6Al7FbYglXUJw1xrg0:ca7hHkETBGJVYgFSwwWdnPlT4nT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	np21nt.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4984	np21nt.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3840	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3840	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4984	np21nt.exe
4984	np21nt.exe

C:\Users\Admin\AppData\Local\Temp\Touhou PC98 Collection\GAMES\np21nt.exe
"C:\Users\Admin\AppData\Local\Temp\Touhou PC98 Collection\GAMES\np21nt.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x3e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads