Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/11/2024, 11:50
Static task: static1
Behavioral task: behavioral1
- Sample: 9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68.exe
- Resource: win10v2004-20241007-en
General
- Target: 9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68.exe
- Size: 255KB
- MD5: 7afd5afc222f81f8db4c57ceef9912dc
- SHA1: 048625b43b03e9120c364baa745b1b9f1cf339b2
- SHA256: 9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68
- SHA512: 4075ed3d1397075d45851ad74bb3ba8ca8f8cb551d476e478e7b2adfef52c4854a0b101cb9f15b6861da605650ce943ecf316c235dd58888d5711b3a3cd0a619
- SSDEEP: 6144:ocpiTSfDhpnShDi/SOifQsRCHplF6UWLGqpXC:wTSfDh8DiqjbwJbhwXC
Malware Config
Signatures
- Event Triggered Execution: AppInit DLLs (1 TTP)
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- Executes dropped EXE (1 IoC)
  PID 4532, process nzlncpi.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\nzlncpi.exe (by 9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68.exe)
  File created: C:\PROGRA~3\Mozilla\tozvehh.dll (by nzlncpi.exe)
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (by 9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68.exe)
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (by nzlncpi.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9d2d9bdd5617c93901e2bda6bcb656a7bb1624fe73b13801406bb3c1d192ec68.exe"
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID: 1992
- C:\PROGRA~3\Mozilla\nzlncpi.exe
  Command line: C:\PROGRA~3\Mozilla\nzlncpi.exe -juyvuof
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID: 4532
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 255KB
- MD5: 5e9a497ab161bd6a8c8c7402b983aca6
- SHA1: b146caf623922d3c360548235e5b885cced47722
- SHA256: 90ccba34b045c7f9ec0aedb7bbeb42b2eceed5f93d5ab34160c97740a38857a5
- SHA512: d3a7f04e629038b0b9eb3455727197c79db5ee3da52f103dc9df17ac5a10af0b7b5a757406bbbe45611f8fff369cdce481bbdced3735dd599da21fc2ec5912c0