3964b13ed8b77f5512e3439d8745c58a7e331fc28782bf29d118c5d5bf952583

Analysis

max time kernel
2s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.exe
Size

292.2MB
MD5

a13d65a37829ea27f1e36b9a6e3b1aad
SHA1

a69a8cf08915fb7df227ba1ebed091ce125d550a
SHA256

3964b13ed8b77f5512e3439d8745c58a7e331fc28782bf29d118c5d5bf952583
SHA512

35f0b2c6538f38a9168aa9baa5bf1c4d9eec1426f773185c74b335a00af27101916163d82c2fccce3cc2025a0b525d24bd229da9e6c82180e863a07b9b770eaf
SSDEEP

6291456:DC/MHT8VgsPccadFcYiGurhhsHLdLlv1vuJsvqfJ7haQ:DXzpsPcvdFcYiGulhShBiNhN

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe
2856	test.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2856	test.exe
2856	test.exe
2856	test.exe

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\BetterControllers.mfx

Filesize
905KB

MD5
5be6f62e64b1fac2d9f9e047814e26a3

SHA1
9b0ee0259e0894a554034726bc7a2356a35d11d6

SHA256
1ceb4f8de9eb50ebe02fd05387f4d85324899aaf1467edd6a422437b52743c94

SHA512
41ef9bf098220c19ca7bcb91919fe21099a86f53a2264a42c7e87a07de487e826e93e576db3aafdda584c0306adbffdc52c7ee16751c3922214cf2b252ed7088

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\DRPC.mfx

Filesize
861KB

MD5
0aa331b547d0650059a75dbad66248f6

SHA1
df01d62ecb2d263c80248c144d0b6212c0910767

SHA256
5e7c4bcc7b722179ca5de3933d0e807d0d1630d8e5a0a51b98cce85199051ea5

SHA512
9f4c0917cf39676c0c7145a21f1349d8ba981023a8c33990cf4046e852824a76ebab89371065ba546376fed95eeecf0accdbbf8fa99935ff4cb4622086c219bb

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\Easing.mfx

Filesize
168KB

MD5
052d1c7eed7b50a18eddc10dfad3ae22

SHA1
6f88687f930e73106d2b8af00f5317eca74e0c61

SHA256
1b5e79e999c4cff19fe0260bdeaeeaea0fcda6057bf6d17bf0f121e9797d20ef

SHA512
ef89c692a47d2ad66d6f4e722e9b330a85cca0faea2f022abfc3da3c1d32fc7c0cf01d6a6e36fddd0b82c97eebc707c9e00e2431792d551b7178fb8d50452966

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\Get.mfx

Filesize
340KB

MD5
c61fd0d847df328fd6f0a98e4f030f41

SHA1
c3d8c3493818c44723e1466b411a3b5e188d823f

SHA256
791e717345991c4bf183c6450667498a89b59c4e8a5abb52e2751fde63d3ad43

SHA512
72cb1345af5834cbc89c9244c935cd62ea7a9d19d34a39eb6d69c32bd10302c1c0a9c0573278e6424bee1f0a771ea46e7fb907c630742dcfc6bbb572b393970e

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\INI++15.mfx

Filesize
439KB

MD5
760454c677adda4b319272641680e331

SHA1
348f18fb00889c3058451c2f034b51d6965522af

SHA256
4f7e3cc575de56d815589db22a1d96760e2f309e58b9bde1a57e108bda069393

SHA512
62f4d9c151adf2ce2430028185241f890849b3b0c2a11b5cc8c0e74bb3c02f3246e3abdc4031b75d2aaba9f24c26e60b165c410c2bf7c4e0569b34882b8477a7

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\KcButton.mfx

Filesize
40KB

MD5
b848bbf535366b6053f7bc8ab87fc5e0

SHA1
19d8a51062201531ff58c898925e53490c22213e

SHA256
94cea0df9febe19fc2e1a905bd7df0bdab63797a42a7006f14bc8838003e5a45

SHA512
cc6df5fb9ef537a255faefb890ffd07556bffec5abd6a914afeb004b77dede2db21dce1179a36b8641e7150e8c466345a58288835722639c1fbb7e5665122543

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\Layer.mfx

Filesize
140KB

MD5
ef12eb1b8b4a804bca741734787fdfd2

SHA1
43b8f7571067bfd2d7762f6d5c69fb6978894f37

SHA256
b8612eb76d8967e49e9ba74a2cbd557096bacfbdb2c6e84d69d381b76d42052e

SHA512
55c2aa823ff69bea48948b04912e1d31465d9a9817ef53fda2957d44451d58fdb2efcf3c40c8431d26d8663f70729e57bbddaeca848ab4d6658f0d5b211d2f2d

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\ctrlx.mfx

Filesize
44KB

MD5
ceb8b2e522d0aaaecdf69b3bcc89a530

SHA1
c1cf769a96a9612f7fd0c1965413f4a57e4907e1

SHA256
3407eb12f6bacec5ebd4df96ff3fd34741a3919fd46c2ec527364c5f1e753a65

SHA512
3c46743c635eb96351e6a82490cececb24e6a104433c962f263ec01cf78fa9747d4f56d05c3085c0a18eff7c180b145df5e8e74bc008fe2f617f7f4c24be0331

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\kcedit.mfx

Filesize
32KB

MD5
62f67209e7995da3f14f4b697235a99b

SHA1
158248b41de5449ef647a2caeda431dc544aa59d

SHA256
1fb56c1a5fb313c8c51fead10472566328c9260aacc72aa8dde8d345acf53203

SHA512
3857939c51b5045030df233393597b9b56a0534a2ea570d748a002b19b0b20de16b0d5181cf9eb6180d24b4de0a159e21275d12bdc7673a3f891ce155db42325

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\kcini.mfx

Filesize
114KB

MD5
7c0cb7fdc0d3519520cd4b8137edbd80

SHA1
bd4eddd8316a51baf4a3ae68b56acfbba734f46c

SHA256
d1471b2685d45956c323baa2cab11dfe479eb1021f04e2949f03557527c5fc84

SHA512
601c16892bef77d5842e0778f27d4f82e19ae66333b2b75c9a34b3ba6441169946e1167ceb21ed270bddba305abfe50f2e8f8ab2e9dc410c96a31944e597034a

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\kcmouse.mfx

Filesize
7KB

MD5
a3b924e8747962ba4d6f81bf31da0d2a

SHA1
2c4fcabbb62cb08c6931fefdffc9d3549fc65df0

SHA256
8d4440a3b4d2fddd45f90007e08a23c5ada0e1c715d0c59f4532305008e4366c

SHA512
11134d818446607c52edfed5b29c1a922fe90b594b15e36f3df9fda04b4fb8a713c3120e6f643d327a3f29b211a6b15a8d40389b69fb6302db3defcfe5328be8

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\kcwctrl.mfx

Filesize
79KB

MD5
2c34e977f898ab60eddb72075c4be223

SHA1
adf883dd06e5ae340a03e6c22a56a4c0caf909ea

SHA256
a0ada42e3a4760097c1c2f98905f12b19de47159543aa21e1c604dbcac7337f2

SHA512
73402857d09e5a0e8049bb7adf3bbfdfc9ac65966217751cbf6db2bf532aa3f92ffc3a1a5dcda638e83d6ede29ebe6e760cbad74d27aa6fa006c9296607d3c37

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\mmf2d3d11.dll

Filesize
548KB

MD5
07163378491db6156398fc8e6582564d

SHA1
6c702d8501431d38e8d392093795444a3900b004

SHA256
2aeca2207c6dabb6fc70f164f3d6188ed76f7786344654592ecef1752528ed13

SHA512
296a0d861450a9c1e6724a6c03be38940dcad202a0a10002eae744d2c532a087e7c37c6088a3281fcd83ac197a0af4105a3c3157ee2527106d586be5993248b3

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\mmf2d3d9.dll

Filesize
1.1MB

MD5
72bb9180f8905c0da95566b778cdac5e

SHA1
e96145e8120514092b35f67f1f120b958997f921

SHA256
3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

SHA512
c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\mmfs2.dll

Filesize
510KB

MD5
1e0e5acec2f2d3567c40491e39aa8f50

SHA1
101ec3bbd32c005b12b38c0f7988faa9329a019f

SHA256
6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

SHA512
80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\mp3flt.sft

Filesize
24KB

MD5
dadc138be9d36e6e4b8e4bf9ef2de4bc

SHA1
2758db786c544ec7889f26edf9bc4634c9240af0

SHA256
ddeafda7b28bf7545e3ba164aa4a74219eb961c36bb974e0f5085a07daf18f44

SHA512
63a21c5eda225c7fb8a67595c3180d4fdc1bc37d3b45f839e1b562ef946bf5b2237a9ff17c3f6f5de489779bbb9652ac2a1a74b83f153883bd436756acf249e1

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\parser.mfx

Filesize
30KB

MD5
5903e2efe098dae179c07d670ff836b7

SHA1
93a2ce92a28c646735790d2cc9ff8959cc6e0c11

SHA256
9813631f63f79fbaa741094786d4b13c34515ec4a33c0d4e88b75a20973c887c

SHA512
e39bb67dc8765558274f93953de141e17de18550912bf79a94a2cc998918d07631a0251551abc080363ea52444c1511f15458232d0c656d8f62550d33756e740

Download Submit
\Users\Admin\AppData\Local\Temp\0232370b-9b3c-4f5d-8658-12649abc965e.FusionApp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/2856-46-0x0000000000470000-0x00000000004A0000-memory.dmp

Filesize
192KB

Download
memory/2856-30-0x00000000022B0000-0x00000000023C2000-memory.dmp

Filesize
1.1MB

Download
memory/2856-38-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2856-41-0x00000000023D0000-0x0000000002429000-memory.dmp

Filesize
356KB

Download