8eec28a851afa1401a4e559ebf54eaca36e2cdee4c2f09f03be3d2b8c9183a3f

Analysis

max time kernel
101s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jyzm-v0.9beta.exe
Size

1.7MB
MD5

0cac53381486d8fadede4fc5efc0f528
SHA1

849bde62c51540ce65325c398c5441bc21c75841
SHA256

bb96fd450a39abac4729438e5d3381fc497b812fb673cc74512a051409138a0f
SHA512

ac52b290228fbf06c43fba22fa2d8e7e12be93591261b8ae9572e710d0aa61a9505edcc021dd2b9de1dec17e1d558cd80cb84ec12fe16368b17015d71b972553
SSDEEP

49152:THbm/hpuUOQj9/sgfDQNQKbt3nrDUx8UBtNWPWS:7bm/hpwHiDQN93rG8U7NWeS

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1424	jyzm-v0.9beta.exe
1424	jyzm-v0.9beta.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jyzm-v0.9beta.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1424	jyzm-v0.9beta.exe
1424	jyzm-v0.9beta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1424	jyzm-v0.9beta.exe

C:\Users\Admin\AppData\Local\Temp\jyzm-v0.9beta.exe
"C:\Users\Admin\AppData\Local\Temp\jyzm-v0.9beta.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsu1C39.tmp\ioSpecial.ini

Filesize
607B

MD5
d30a31d82c7327acc40d3ce75ba1cd64

SHA1
f3964565bb4d0cb3bfc88ff1f714e0a4b8ed11ab

SHA256
593c05fe2433cca0a00ede724ec0d97e4fa23ea1b95b5126f8fa4051b4b5079c

SHA512
79696abb1b92a204d4eeec891fe5138c03ef775e7b9e548cef5babd0aa6df98abe15657a66a150c2dfe2d8205245397eb0565ede326a403d3a383effa70837b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu1C39.tmp\ioSpecial.ini

Filesize
646B

MD5
64ed5e9d73d651e9e400d87ed6142971

SHA1
841746d2af5e85a21c03093ba7097d31134776f4

SHA256
220ea2f60d1893cf9e09c77da4b8be9e7e7640a12a0773d728c89fa8ca5a9987

SHA512
92ec1d4ed84ff050967e34ed9a5767e21d4853841370c17b6636040d6b0a121caa9a471a3c0953713a7effc80f4b2f7a453664611341479625b88013618229b0

Download Submit
\Users\Admin\AppData\Local\Temp\nsu1C39.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
\Users\Admin\AppData\Local\Temp\nsu1C39.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit