20e9891c9e355b036d6f530446f6e5811fd7db4b58ab1ecdf120653045be6602

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Easy GIF Animator 3.5.exe
Size

2.0MB
MD5

d818076bd3e0b6c24ed8490ea0e5068b
SHA1

c861984bcdef89a0f415aa672bed9a2f1cc8d021
SHA256

151515d530ae4fc93de06d8d39ac023e8f01dee847a727e2b0baeebd48f8c66b
SHA512

131252c48675b9b7172679bfa0e13b03bcf52f60a818459b829a0507bf893c7879dadc71de08dc8f8b7e0707a964e8fb14850e65c2a0bd34692ccc73cd5e4cbe
SSDEEP

49152:9koyjhMlxWG+qVH37lFtMLhpj/V33qRposbp9PnhsFSpDdcLHCWnFTnhX:9koOhlG+oH3/tMLDjoqsnmF8aRhX

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe
2400	Easy GIF Animator 3.5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Easy GIF Animator 3.5.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	Easy GIF Animator 3.5.exe

C:\Users\Admin\AppData\Local\Temp\Easy GIF Animator 3.5.exe
"C:\Users\Admin\AppData\Local\Temp\Easy GIF Animator 3.5.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdB230.tmp\ioSpecial.ini

Filesize
702B

MD5
e69d1a6e8f634c3d47df0480910a9229

SHA1
ed3e15303a79878419b95c10de12f7486892433a

SHA256
668beee2ae74396a860edd5bfe8ff72d056a3afa0df6c2516283b4ce6deb6e9d

SHA512
e5184cfbdc201fe53fd64d8b108a97befeaf20310481e84db95072edadb106603e514e7f1dd016cf1d96d80a3407414508fc3c3940f5fed511160ca50c249491

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB230.tmp\InstallOptions.dll

Filesize
13KB

MD5
72a5b5bcdcc3aff16a97c198aabd48b5

SHA1
4a3a1ca7a7becf363562c55bec1a6cb4a70a92dd

SHA256
fe0fcf5b6f227d64576d6df2309b635bd70a7b78bfdcf4e4382b6500e89b5bb7

SHA512
022881a167668ffc192eb84b7fc1ad7c90788b9ab61a7408b5f1284f235159c79b0bc445291546f77a991ab9fa4f3dca5879a2d79a086df5be490110ab10f151

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB230.tmp\NSISPlugin.dll

Filesize
306KB

MD5
b80d672cf30214925f779caab4d77433

SHA1
608da0002af898bcb0c044effa380cd4687ad89b

SHA256
4995e24709066a520a01bc9a4a38cd1beaa649a3c4948f88b45ed578df1cbb4d

SHA512
f5546669c092bc47a8049866eda044700a29fff6e018d6e2d8bd47ad53da06c162634573cfa9238b9bd95c2ad5d02455caf5530e480e8248e42d54856ab54c01

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB230.tmp\System.dll

Filesize
9KB

MD5
3592f2ab216066865f5944c8b095baff

SHA1
981ebe42cad24639e60a8cab65c236d074f17f18

SHA256
99af63da1d4bc148255e2743961c8e2aa5ba6c14e1e43973bc0f566fcfff48f5

SHA512
8e3968974132f882d6f738d6cae00727afd09682a69baff4b1db125819ec990d3c0e6bbc68fa2091df1115a3e2224c197cb7353f8e641d199b01448e46f2332d

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB230.tmp\UserInfo.dll

Filesize
3KB

MD5
e54884a9b77d17688ad6a7212432a724

SHA1
c16ee814229238a7d51bd10e4c5f1826c22b3489

SHA256
26577d2c5e540522916676c632adf84f0a4bb5b1aaa3bf7d3a4a687f7b3dd3e9

SHA512
1712437cbeb00e18006dbb3c034081c76a69a25f2a6809cbacc25ed7dff11c3b67b14849ddbf24a905dba497d9149bb0dafeae3e9b6f61abeee8098868f20ef1

Download Submit