7bc72601a99488910e0e3ebfd167b0e6c6a66ac7aa0de499699b7621859e320f

Resubmissions

15-11-2024 20:12

241115-yy98kszqa1 4

15-11-2024 20:08

241115-yw1alavlfl 10

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-11-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voicemod Pro by mr.motchy/VoicemodSetup.exe
Size

22.2MB
MD5

2c74a59f3a312c9003e3bdf2f458c87f
SHA1

97b1ede9c186ea36a74bceb1bf5e5689aad99086
SHA256

afd7452c34570e409fc0c2bc8a22fb7429a3cc8f48e85fe6a154656ec020330d
SHA512

b5e8810733694aa773c4c3b8a4063e5fddd962b64d2ad697223ddeb7337f09e8c21fc1efdb2c13c854f2e6884940fac217338e0839fd21d2b4db3c2da031a392
SSDEEP

393216:D2MvvQScyvXuaXVTwkBgoEMNBrDXLuzLYzCdcv8p5UPxaMQlBf4PrE:SMvVcysoEcLuzLig5p5UPxtyAP4

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

VoicemodSetup.tmp

pid process

2520 VoicemodSetup.tmp
Loads dropped DLL 2 IoCs

Processes:

VoicemodSetup.exeVoicemodSetup.tmp

pid process

2376 VoicemodSetup.exe
2520 VoicemodSetup.tmp

pid	process
2520	VoicemodSetup.tmp

pid	process
2376	VoicemodSetup.exe
2520	VoicemodSetup.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

VoicemodSetup.exeVoicemodSetup.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VoicemodSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VoicemodSetup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

VoicemodSetup.exe

description	pid	process	target process
PID 2376 wrote to memory of 2520	2376	VoicemodSetup.exe	VoicemodSetup.tmp
PID 2376 wrote to memory of 2520	2376	VoicemodSetup.exe	VoicemodSetup.tmp
PID 2376 wrote to memory of 2520	2376	VoicemodSetup.exe	VoicemodSetup.tmp
PID 2376 wrote to memory of 2520	2376	VoicemodSetup.exe	VoicemodSetup.tmp
PID 2376 wrote to memory of 2520	2376	VoicemodSetup.exe	VoicemodSetup.tmp
PID 2376 wrote to memory of 2520	2376	VoicemodSetup.exe	VoicemodSetup.tmp
PID 2376 wrote to memory of 2520	2376	VoicemodSetup.exe	VoicemodSetup.tmp

C:\Users\Admin\AppData\Local\Temp\Voicemod Pro by mr.motchy\VoicemodSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro by mr.motchy\VoicemodSetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\is-5CN87.tmp\VoicemodSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5CN87.tmp\VoicemodSetup.tmp" /SL5="$400F2,22991991,87040,C:\Users\Admin\AppData\Local\Temp\Voicemod Pro by mr.motchy\VoicemodSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-5CN87.tmp\VoicemodSetup.tmp

Filesize
737KB

MD5
1a9f24ba757fd08f3b4db5570cd1bfd0

SHA1
6c8e5ee1db1bb8471dc2c2c7a1d9835d60df2d8d

SHA256
326071c6e04b3552414337cea066d809d987dbddbc8ad717626abc9dff748956

SHA512
bbc2bc152363d789c636941f71894b8a6062a5b37b33748c5e7eb6014bbb8ee0461c29fd892272758ece489abbe7cc4e0695f094a4963411723f698456c308a6

Download Submit
\Users\Admin\AppData\Local\Temp\is-P4HD6.tmp\idp.dll

Filesize
216KB

MD5
b37377d34c8262a90ff95a9a92b65ed8

SHA1
faeef415bd0bc2a08cf9fe1e987007bf28e7218d

SHA256
e5a0ad2e37dde043a0dd4ad7634961ff3f0d70e87d2db49761eb4c1f468bb02f

SHA512
69d8da5b45d9b4b996d32328d3402fa37a3d710564d47c474bf9e15c1e45bc15b2858dbab446e6baec0c099d99007ff1099e9c4e66cfd1597f28c420bb50fdcc

Download Submit
memory/2376-14-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2376-2-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/2376-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2520-23-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-27-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-17-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-19-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-21-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-8-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-25-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-15-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-29-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-31-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-33-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-35-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-37-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-39-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2520-41-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download