2ceb025a3125915e904bc8861933f6d33960a5ad6c4c880c4ac89788253e6132

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/09/2024, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GoKuaiSetup_5.2.0.54.exe
Size

3.3MB
MD5

2dd8d9afef48b41bd959a5ffb75cf99f
SHA1

cb2bafc913d9403a0c807001f6376c623596e502
SHA256

2f22660b3e3147fdfcc5e2793864546eb3f9701db24f460fb410dc20aebc0add
SHA512

e5303c43ab8b3ad18d1feee32ef2489679ab668bfe7d6a57b42d3934fa7d03eb9eedfb867b11d192b9e4a4276a01d72b58657ce42d8fdb9c837f56764b6a95dc
SSDEEP

98304:dVoQnA7zR3LZSoajRq/5i3K02UJpAw9l0qGm:dGQnA7V1SoajRai6IAwUqj

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3004	GoKuaiSetup_5.2.0.54.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoKuaiSetup_5.2.0.54.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3004	GoKuaiSetup_5.2.0.54.exe

C:\Users\Admin\AppData\Local\Temp\GoKuaiSetup_5.2.0.54.exe
"C:\Users\Admin\AppData\Local\Temp\GoKuaiSetup_5.2.0.54.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstC8CD.tmp\ioSpecial.ini

Filesize
670B

MD5
702cbef96946677475e84305a23a180f

SHA1
c71372b1b36be346533e50e76c50765152252043

SHA256
bd68eb2e86fb37c3798a53ae61d332a6f25ce2a896caa1dd98b44377c6112ec4

SHA512
ca3c0a0087fabcfd2ac2dac08a4de4d7948b340d2635bdd9a39e1c01bd410a11ebd8485548bfe1eaee6b5708ca4c9f4033f06d00824f085981feb27647acec07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstC8CD.tmp\ioSpecial.ini

Filesize
631B

MD5
9f48a2ee6f72bef746018a38b44d7182

SHA1
14a84605fbe6238fdbeb9aa9f2db75f19d010c32

SHA256
287e6cac4b59a8e1214f596516c699db9a01a9be218b9eec9e53b3c559907f3d

SHA512
fba1c08597b0f2f08aea2f4870cafb6f4db44ac47c153eafba5b9bf2c27f67ff9d63125fb17e251769dfc044a6625f14756d24162dc7d9bf124614dcf87df6a1

Download Submit
\Users\Admin\AppData\Local\Temp\nstC8CD.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit