Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-09-2024 15:56

General

  • Target

    LDPlayer9_es_1009_ld.exe

  • Size

    3.4MB

  • MD5

    d3f42950472326bca3051521650155bd

  • SHA1

    97f81696dd2b9f0289c6a6002017007ab2a7b463

  • SHA256

    f85ba2e1604219d15c2b7816312f0c530411416cf3789fcc0ab73d7ee6dce36a

  • SHA512

    45d9e6d7bfaf0f234034b0c78c8e0301e95f3b0d05f189ca29080100a8fadca78ca3a784183a1116a6655cca839f8890f702c2d5b2090e028503ff2a67ec44e3

  • SSDEEP

    49152:T1Be0WwNjL2UmeJJY1pHtOUYqP3CFOrtG/tTR9sXafgkDFMVR9C1UhPJXMK701hX:Tze0/jL2Umec1t0xOoVMBiCV2HkK

Score
6/10

Malware Config

Signatures

  • Checks for any installed AV software in registry (1 TTP, 4 IoCs)
  • Downloads MZ/PE file
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Loads dropped DLL (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store (2 TTPs, 8 IoCs)
  • Suspicious behavior: EnumeratesProcesses (21 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe
    "C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
    • Checks for any installed AV software in registry
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2100

Network

MITRE ATT&CK Enterprise v15

Downloads
