d663c78c257545297181ac761995c3b86ef3df23a267ae43a69c5b7788e927d5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daun.exe
Size

557KB
MD5

b748b605cf8d9e3103701202143aa092
SHA1

e49095644bb43f9c5ac524b5519e00526794b102
SHA256

d663c78c257545297181ac761995c3b86ef3df23a267ae43a69c5b7788e927d5
SHA512

6b7b28619c91913b7c9cc184678d1e208867a0a0acd20bcc5a99194f6bafbb9fdeedeaac39563cecd938f930214774b426a6603c35d459de4b354e0f201b866c
SSDEEP

12288:qQBI/5nXN+xaet5bgH3bC6eXLTidCeE9MGyldojOO/YP973qSarS2yWvdXglczGH:qQBI/5nXiaGbgXbC68

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

daun.exe

pid process

1964 daun.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

daun.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language daun.exe

pid	process
1964	daun.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	daun.exe

C:\Users\Admin\AppData\Local\Temp\daun.exe
"C:\Users\Admin\AppData\Local\Temp\daun.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
341KB

MD5
f03c2129881b6f0fe435c79c7983e6d5

SHA1
9bf5bf459dba849c5e4e15e30c629c2dcd740326

SHA256
745158205e624aeb48b42f72d7e561302cdf632bf1f7c178f6280e43b8876da5

SHA512
6512d149066749c86978bc0feb8e3a9b689e852c18282ed074760c367614cdbe3be4f89bb3c2bbdcdb35eb0bff17b8a69157d8b61b356e3b3d50628f9875448d

Download Submit
memory/1964-0-0x0000000073F1E000-0x0000000073F1F000-memory.dmp

Filesize
4KB

Download
memory/1964-1-0x00000000013E0000-0x0000000001472000-memory.dmp

Filesize
584KB

Download
memory/1964-6-0x0000000073F10000-0x00000000745FE000-memory.dmp

Filesize
6.9MB

Download