8eec28a851afa1401a4e559ebf54eaca36e2cdee4c2f09f03be3d2b8c9183a3f

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jyzm-v0.9beta.exe
Size

1.7MB
MD5

0cac53381486d8fadede4fc5efc0f528
SHA1

849bde62c51540ce65325c398c5441bc21c75841
SHA256

bb96fd450a39abac4729438e5d3381fc497b812fb673cc74512a051409138a0f
SHA512

ac52b290228fbf06c43fba22fa2d8e7e12be93591261b8ae9572e710d0aa61a9505edcc021dd2b9de1dec17e1d558cd80cb84ec12fe16368b17015d71b972553
SSDEEP

49152:THbm/hpuUOQj9/sgfDQNQKbt3nrDUx8UBtNWPWS:7bm/hpwHiDQN93rG8U7NWeS

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1928	jyzm-v0.9beta.exe
1928	jyzm-v0.9beta.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jyzm-v0.9beta.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1928	jyzm-v0.9beta.exe
1928	jyzm-v0.9beta.exe

C:\Users\Admin\AppData\Local\Temp\jyzm-v0.9beta.exe
"C:\Users\Admin\AppData\Local\Temp\jyzm-v0.9beta.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\ioSpecial.ini

Filesize
607B

MD5
0ef41e1af031b9059ad884d760556434

SHA1
a6c140d29a9360bce8d29aa4f24c3998b660ded6

SHA256
4eac7349499749fb1353b70e6f2831187dd0b11ce18c072e4fe83cf26bbdb81b

SHA512
51ddd980971f17b021d7171e78b506f273b9db846425bcc51c4e874b04d02474379b0fa44fc7daa935111b61c25386a4f88735599b4311a78d6f1b5c47add1b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\ioSpecial.ini

Filesize
646B

MD5
0587855c7c79cc248c5bdc1ff9921809

SHA1
66ce1271e220603e3da088f2571347bda06f599b

SHA256
0cb740247268cf9c73463213c3d6648c842f1e19df53269621132e1b50fd8f5c

SHA512
6d21ecbe548b31f63962a9a175b3bbfa2efe076c2383a47fc6dc41cf01614a41a87bf800abf7baab30bec9075759f36db1d1484bbee86addafbc426a935cc750

Download Submit