b87b4a52420908ca443b973a854c650b1a0b2ef436854ceeed320bd0357aff43

Analysis

max time kernel
359s
max time network
367s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OBS-Studio-30.2.3-Windows-Installer.exe
Size

133.3MB
MD5

c4df60192a41f79bc34a8a5d164a3954
SHA1

468ead0d65ca44239a3b197071af93f90e1e9c8e
SHA256

b87b4a52420908ca443b973a854c650b1a0b2ef436854ceeed320bd0357aff43
SHA512

02423ae208cf53d9404d99a9ac3401e785b0a8ba080cb036abac705826dd1bb85a1ec0b7a9a1763c1d9e5251d0b08f1948c072a30161fd6cc9d8c6fddcc3fa27
SSDEEP

3145728:n+A6RF9hn5HO/2V2uHg8ctdzfOpuy2oEQNxf7TDl5BIh7/Ayr6KzyC+h8yzz:+AMFPnywKfzfOprDx9IB/AY6KzyC+h33

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2668	OBS-Studio-30.2.3-Windows-Installer.exe
2668	OBS-Studio-30.2.3-Windows-Installer.exe
2668	OBS-Studio-30.2.3-Windows-Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OBS-Studio-30.2.3-Windows-Installer.exe

C:\Users\Admin\AppData\Local\Temp\OBS-Studio-30.2.3-Windows-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\OBS-Studio-30.2.3-Windows-Installer.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy5256.tmp\ioSpecial.ini

Filesize
1KB

MD5
c2f4ecbb01f033b2a5d1518a572b94fd

SHA1
1aa6261b017735c008fc603448e4cd458e2363b8

SHA256
fdf12b31ff6e0d2efebac3e49bfda0b60a964f984aa88a5288dbb41f245f50bc

SHA512
aff3233025d45455a870221e84b9ed0697eb56a8fe40c3013479b69958d126a28c76d102a27d7212180e7209d1e2b7f0bd014391ab770603b9887e54d50b227f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5256.tmp\InstallOptions.dll

Filesize
15KB

MD5
d1eefb07abc2577dfb92eb2e95a975e4

SHA1
0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2

SHA256
89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a

SHA512
eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5256.tmp\System.dll

Filesize
12KB

MD5
192639861e3dc2dc5c08bb8f8c7260d5

SHA1
58d30e460609e22fa0098bc27d928b689ef9af78

SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

Download Submit