Overview

overview

7

Static

static

3

MediaInfo_...ws.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    37s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11/09/2024, 20:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MediaInfo_GUI_24.06_Windows.exe

  • Size

    7.0MB

  • MD5

    8c902d41cad8c9d9bad7d406ded23561

  • SHA1

    33e3cfe51bc41cd55fe5a4a614912a284d00dcfd

  • SHA256

    fffb0d7edfb38d40e9df1094fd6c7f103a5ea886514b73a368ad696c3ce46052

  • SHA512

    df3e2b3d033c66d0d6727ec94ce40f61346f27bb01dbd8c072662a6823ff53f6f2725aae8486466af6047117d18a03e1420a5f2135842d2b02a71a28f5e178a2

  • SSDEEP

    196608:Zh3wm94wGnABEmEDZYTOk3JJZeyAXaOpzQX+gaJrazVNy4:Zh35VgAq3A4yAqOZga5SNz

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MediaInfo_GUI_24.06_Windows.exe
    "C:\Users\Admin\AppData\Local\Temp\MediaInfo_GUI_24.06_Windows.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 "C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll" /s
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:672
      • C:\Windows\system32\regsvr32.exe
        "C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll" /s
        3⤵
          PID:2928

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\MediaInfo\MediaInfo.dll
            Filesize

            7.2MB

            MD5

            b52b1e6464fe80b10596b081c9ce38e8

            SHA1

            323cdcd327db81d4e46b92a01c16c7f825f2d7a1

            SHA256

            c09118215e30f38301bc271b0ad41ddf9046565298d6557b7e15d175341a9578

            SHA512

            22b4d42c281f856a32a94c6912a5a0332602238b1a6b6ba462c3b613ac7d832b6054a3efd3a5dcf025385906dda885ad5016ad5f035a025921c88cc8bc0fce44

            Download Submit

          • C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll
            Filesize

            151KB

            MD5

            00e313f847fe456df654a4ba37e22d19

            SHA1

            72ecdce0a51db523b38472d25147e6df49082825

            SHA256

            e9ede8fd931dbe596ade70f2d33d7157fa14122272bbc665eec2e74d3e8111fb

            SHA512

            09eba4826829564c7c75a8fe120c5517d22c32ae9054df8bc68f49c833d28b1bce0f528354b5ea9b6883ec6c9fd533341cb606c90f4b4c1eeef74e31685348ea

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsjAAF7.tmp\INetC.dll
            Filesize

            25KB

            MD5

            40d7eca32b2f4d29db98715dd45bfac5

            SHA1

            124df3f617f562e46095776454e1c0c7bb791cc7

            SHA256

            85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

            SHA512

            5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsjAAF7.tmp\LangDLL.dll
            Filesize

            5KB

            MD5

            68b287f4067ba013e34a1339afdb1ea8

            SHA1

            45ad585b3cc8e5a6af7b68f5d8269c97992130b3

            SHA256

            18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

            SHA512

            06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsjAAF7.tmp\System.dll
            Filesize

            12KB

            MD5

            cff85c549d536f651d4fb8387f1976f2

            SHA1

            d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

            SHA256

            8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

            SHA512

            531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsjAAF7.tmp\nsDialogs.dll
            Filesize

            9KB

            MD5

            6c3f8c94d0727894d706940a8a980543

            SHA1

            0d1bcad901be377f38d579aafc0c41c0ef8dcefd

            SHA256

            56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

            SHA512

            2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

            Download Submit