Overview
overview
10Static
static
1Installer_...se.exe
windows7-x64
8Installer_...se.exe
windows10-2004-x64
10app-11.17....se.exe
windows10-2004-x64
10app-11.17....lf.log
windows7-x64
1app-11.17....lf.log
windows10-2004-x64
1app-11.17....nt.pak
windows7-x64
3app-11.17....nt.pak
windows10-2004-x64
3app-11.17....nt.pak
windows7-x64
3app-11.17....nt.pak
windows10-2004-x64
3app-11.17....47.dll
windows10-2004-x64
1app-11.17....eg.dll
windows7-x64
1app-11.17....eg.dll
windows10-2004-x64
1app-11.17....tl.dat
windows7-x64
3app-11.17....tl.dat
windows10-2004-x64
3app-11.17....GL.dll
windows7-x64
1app-11.17....GL.dll
windows10-2004-x64
1app-11.17....v2.dll
windows7-x64
1app-11.17....v2.dll
windows10-2004-x64
1app-11.17....GB.pak
windows7-x64
3app-11.17....GB.pak
windows10-2004-x64
3app-11.17....US.pak
windows7-x64
3app-11.17....US.pak
windows10-2004-x64
3app-11.17....uk.pak
windows7-x64
3app-11.17....uk.pak
windows10-2004-x64
3app-11.17....vi.pak
windows7-x64
3app-11.17....vi.pak
windows10-2004-x64
3app-11.17....CN.pak
windows7-x64
3app-11.17....CN.pak
windows10-2004-x64
3app-11.17....TW.pak
windows7-x64
3app-11.17....TW.pak
windows10-2004-x64
3app-11.17....es.pak
windows7-x64
3app-11.17....es.pak
windows10-2004-x64
3Analysis
-
max time kernel
110s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
04-11-2024 13:52
Static task
static1
Behavioral task
behavioral1
Sample
Installer_x64_Final_Release.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Installer_x64_Final_Release.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
app-11.17.0/Installer_x64_Final_Release.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
app-11.17.0/Squirrel-UpdateSelf.log
Resource
win7-20240903-en
Behavioral task
behavioral5
Sample
app-11.17.0/Squirrel-UpdateSelf.log
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
app-11.17.0/chrome_100_percent.pak
Resource
win7-20241010-en
Behavioral task
behavioral7
Sample
app-11.17.0/chrome_100_percent.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
app-11.17.0/chrome_200_percent.pak
Resource
win7-20241010-en
Behavioral task
behavioral9
Sample
app-11.17.0/chrome_200_percent.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
app-11.17.0/d3dcompiler_47.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
app-11.17.0/ffmpeg.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
app-11.17.0/ffmpeg.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
app-11.17.0/icudtl.dat
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
app-11.17.0/icudtl.dat
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
app-11.17.0/libEGL.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
app-11.17.0/libEGL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
app-11.17.0/libGLESv2.dll
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
app-11.17.0/libGLESv2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
app-11.17.0/locales/en-GB.pak
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
app-11.17.0/locales/en-GB.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
app-11.17.0/locales/en-US.pak
Resource
win7-20240729-en
Behavioral task
behavioral22
Sample
app-11.17.0/locales/en-US.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
app-11.17.0/locales/uk.pak
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
app-11.17.0/locales/uk.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
app-11.17.0/locales/vi.pak
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
app-11.17.0/locales/vi.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
app-11.17.0/locales/zh-CN.pak
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
app-11.17.0/locales/zh-CN.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
app-11.17.0/locales/zh-TW.pak
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
app-11.17.0/locales/zh-TW.pak
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
app-11.17.0/resources.pak
Resource
win7-20240729-en
Behavioral task
behavioral32
Sample
app-11.17.0/resources.pak
Resource
win10v2004-20241007-en
General
-
Target
app-11.17.0/locales/vi.pak
-
Size
602KB
-
MD5
e088be14dded779f50feabc4906d5ae7
-
SHA1
0eeca2c7ea82a03b6373c84adf1a890f29e18b05
-
SHA256
25aeee59775ae38b21a091107022312fc228f96dbea906042bf3626b7cf86b98
-
SHA512
af9d1e415a6d06c28df9abaae1f337bf4dd3e323dfd5560df5fb35d01c6801b9145072ee85ab4c524c489fb6cdea956ce327b8c4f6820197d76fc2f33171ca3d
-
SSDEEP
12288:tvN+cBwJGroEw/au9nPgsHvL04vCFsN91xe5c8hp6IDkivwziMHq3wtk5:tF+cBwJGiawPgsHT04QP5c8r6hivKiMY
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2772 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2772 AcroRd32.exe 2772 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2216 wrote to memory of 2756 2216 cmd.exe 30 PID 2216 wrote to memory of 2756 2216 cmd.exe 30 PID 2216 wrote to memory of 2756 2216 cmd.exe 30 PID 2756 wrote to memory of 2772 2756 rundll32.exe 31 PID 2756 wrote to memory of 2772 2756 rundll32.exe 31 PID 2756 wrote to memory of 2772 2756 rundll32.exe 31 PID 2756 wrote to memory of 2772 2756 rundll32.exe 31
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\app-11.17.0\locales\vi.pak1⤵
- Suspicious use of WriteProcessMemory
PID:2216 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\app-11.17.0\locales\vi.pak2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\app-11.17.0\locales\vi.pak"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2772
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD50d3b27b4265482a301025a4b73cf514c
SHA1dcc2d65c487c4f00eade9ae69e37c6bd82960643
SHA256b41f965edbd96126ab526d696e8a5d30082853572c540bcc97e123be79d95196
SHA512b44d3003ef5c018ca2651ec341cdeff4253cc08e0f4336764329ec4f3f58066eba82dc856b8a98b46bfc682936a2bae6bca101e2ceae731038c92ea7ae402a36