3e95c08db1d86baa23c43ba276257079692d26f4268a0039abbdfccb7b155bdc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 04:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NCSentry2kBS/NCSentry2kBS.exe
Size

1.9MB
MD5

4791997737249098fac42a1aba910770
SHA1

149602030b83343541e9be011a4d5a3446d19f7d
SHA256

d41da04a5008c17d0f09e83c5296538bf4dc56f825cc7735c8ed1b49554ff9e5
SHA512

3ebdd6ad4563e907cc60a1bcc851d783da635dc25bffe5d97d1d5268d6b4aa01670168cbf99722e399728044ccfbd46a8a805b5731ecf3061f3df6be4dc4a6b2
SSDEEP

24576:rzGlStT4wmfQhFPGKBy58Cw+s9KMmrCDKtLdRMqKeSdqKeA:g6LGsyrwv9KMXKtJZNnNA

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4152	NCSentry2kBS.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NCSentry2kBS.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SS_random	NCSentry2kBS.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\SS_RANDOM	NCSentry2kBS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SS_random\ = "7536779"	NCSentry2kBS.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4152	NCSentry2kBS.exe

C:\Users\Admin\AppData\Local\Temp\NCSentry2kBS\NCSentry2kBS.exe
"C:\Users\Admin\AppData\Local\Temp\NCSentry2kBS\NCSentry2kBS.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NCSentry2kBS\ncTools.ini

Filesize
420B

MD5
5565e63e46f33e42fc2b0187ebbc6a85

SHA1
d4212740dd72920dc818d9e25285afd6ba8bdd74

SHA256
574b3657b6b63cd7de4ff7b00930c571ccddb2f2fac3c98c0440a84f079a11d4

SHA512
7fcaf2debffafd62454c2e23091b02d0796c0af74ec971ec04a7a21badcc19bb5b598f804a0685c66595d9b30072f748d06f26406f9f06a531fc517f43d78abb

Download Submit
C:\Users\Admin\AppData\Local\Temp\NCSentry2kBS\temp.log

Filesize
101KB

MD5
14364bc8bdb65ed534cd7c6210d146dc

SHA1
ad7c4565d584ce1e933d63159895e722c4280b0c

SHA256
ada0b2684c42bc39008508cb55141aff84572b4223d3c850238de36d49be67a0

SHA512
e6e042291b2b469f47e8170d14dead8fa4b93965180184dc5eaec96efaba673ea9501fcc4717de46948970b67849d5f4b36d397a80ed36550e074806aa365a96

Download Submit