f1c386c9060edc4dd78de85a498405b83a50a2e16dfcde6cf3062e3b054d27d5

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 07:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

IDSMonitor/IDSMonitor.exe
Size

3.5MB
MD5

a679dbdc27a5b9d78aeb6998845aadd9
SHA1

b167c17892b1a05819e5c1fca02d9de74bf08a09
SHA256

67d3932192fbabf92c54435582b23e06e4e500bfb3e8dad7b05ab83fab836247
SHA512

ab5c8c02078ac740aacc004b7f93b34881395012e9e0bfc66b6cb96f07cbb78c7a018a06a6bdbf18e9dc2502d8f22a11ad991a880fce6c711dc7961c919bf819
SSDEEP

49152:8tds1PZh2oUtsaCdqM81gwsWn4PCFPj/nS4fo/PQ5HxGhrg0CDgsiYx+6vYOW7rq:1NOWmq+ROEurLUytwV

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2712	IDSMonitor.exe
2712	IDSMonitor.exe
2712	IDSMonitor.exe
2712	IDSMonitor.exe
2712	IDSMonitor.exe
2712	IDSMonitor.exe
2712	IDSMonitor.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IDSMonitor.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2712	IDSMonitor.exe

C:\Users\Admin\AppData\Local\Temp\IDSMonitor\IDSMonitor.exe
"C:\Users\Admin\AppData\Local\Temp\IDSMonitor\IDSMonitor.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IDSMonitor\Plugins\0DACLPlugin.dll

Filesize
1.3MB

MD5
9b3f71870c3526154513fb39f2c2812f

SHA1
7c0bdcf486d2d462c34f5ec3040f3e7d27819418

SHA256
601e36486ec13c9632c7161987ce451ba2840dd008941b3a5b3d9449567211cc

SHA512
e2381438d923b93a397fbf94e3ae39243845c77709e9f54d00ed8304ce68618d66c8bc83581122f1238098509bd8e8c12e1791214a1c0c7e7cf17992a2e6610c

Download Submit
\Users\Admin\AppData\Local\Temp\IDSMonitor\Plugins\2DACLPlugin.dll

Filesize
1.3MB

MD5
2b8b6dcd3f435a2987c73eb86278c2e1

SHA1
c8cca1d807140fcaba57b14c88a81f657023fa38

SHA256
a93ea0b3e25543f4d01e8e5eeb47aad4354ea95a416c3eade19b008cf7dfa134

SHA512
9c926260f456054261c7c54001c7ae04ef666b93b6321d31135235f9a5b771da7138fc9f821a79940fa1fd0f9b8db876f0927487a62d6acfcd4bf60699736c7b

Download Submit
\Users\Admin\AppData\Local\Temp\IDSMonitor\Plugins\4DACLPlugin.dll

Filesize
1.3MB

MD5
351f2e5cbd5529feabffb386f789e0c9

SHA1
e0d722f83539fc3a95d24a3ce8139733e723125d

SHA256
3e4cd16190aa9f133de1b8668e76c8cb98b25d78854f7e1a0c9179c94309095f

SHA512
f63893e51609cbcaec2793cb263ec0101093475e2397aaea9c5448e097c55197d401fab041dbdbfd554170f4a1d25392af85585666f371bcf2e41a2a64fce694

Download Submit
\Users\Admin\AppData\Local\Temp\IDSMonitor\Plugins\5DACLPlugin.dll

Filesize
1.3MB

MD5
5cbd8febf18821c7f840937afade1acf

SHA1
e4ca9e7e484b3a2c4094d3d910c067e67106f46a

SHA256
4ba623739207641e6d4adea8b4421bd075c94b268913113fdd166ba380d54df3

SHA512
28c750a53a686bc9970242e8534c2edc06d23f5bdcb325d4acf246d06e7c04a32707be7df43eb14f9371e5fc2a1fea700cc031f907e7b173ed15d46236b25163

Download Submit
\Users\Admin\AppData\Local\Temp\IDSMonitor\Plugins\6DACLPlugin.dll

Filesize
1.3MB

MD5
c9b14f5caf2bd7e8aadf02a65ab61349

SHA1
de1091d5aa18d4ecdbf9adc18105a1de29a97570

SHA256
9049a154b7b54c856c03a9e0bf64a41085b780a92a77e33bcf0b1eaaebbb75d4

SHA512
8e915da9de1cacd4af142be0a63d0ef8c5f3e5ce2e724a17f51f3ae6f5ce5e46681362483cd67219dd9085b982979b0ecd82316326faa4ab04385eba7936e70b

Download Submit
memory/2712-128-0x0000000003790000-0x00000000038DB000-memory.dmp

Filesize
1.3MB

Download
memory/2712-145-0x0000000000020000-0x0000000000031000-memory.dmp

Filesize
68KB

Download
memory/2712-131-0x00000000039F0000-0x0000000003B3B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-122-0x00000000032E0000-0x000000000342B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-134-0x0000000003C50000-0x0000000003D9B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-125-0x0000000003530000-0x000000000367B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-137-0x0000000003EB0000-0x0000000003FFB000-memory.dmp

Filesize
1.3MB

Download
memory/2712-1-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2712-142-0x0000000004380000-0x0000000004381000-memory.dmp

Filesize
4KB

Download
memory/2712-140-0x0000000004110000-0x000000000425B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-143-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2712-0-0x0000000000020000-0x0000000000031000-memory.dmp

Filesize
68KB

Download
memory/2712-151-0x0000000003EB0000-0x0000000003FFB000-memory.dmp

Filesize
1.3MB

Download
memory/2712-153-0x0000000004380000-0x0000000004381000-memory.dmp

Filesize
4KB

Download
memory/2712-152-0x0000000004110000-0x000000000425B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-150-0x0000000003C50000-0x0000000003D9B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-149-0x00000000039F0000-0x0000000003B3B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-148-0x0000000003790000-0x00000000038DB000-memory.dmp

Filesize
1.3MB

Download
memory/2712-146-0x00000000032E0000-0x000000000342B000-memory.dmp

Filesize
1.3MB

Download
memory/2712-144-0x0000000000400000-0x0000000000784000-memory.dmp

Filesize
3.5MB

Download
memory/2712-147-0x0000000003530000-0x000000000367B000-memory.dmp

Filesize
1.3MB

Download