Overview

overview

7

Static

static

3

IK_Multime...en.exe

windows10-2004-x64

7

$TEMP/BASSMOD.dll

windows10-2004-x64

3

$TEMP/R2RIKM2.dll

windows10-2004-x64

3

$TEMP/keygen.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    590s
  • max time network
    438s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IK_Multimedia_Keygen.exe

  • Size

    436KB

  • MD5

    d0d0f7dd1ac363d373f29ae17975806e

  • SHA1

    dfd81e37e1cf6f637ea7610b21404f7b26807a3a

  • SHA256

    365a1cd13a619f486947b72d33b688621fab7db33d140faa023f27ff62fb31f9

  • SHA512

    617c8cd832355a00e02b730fb3146ed2dd8a8e07ace68758d460d3894f04e14346a78819dc1334d0a0036e61c714affd5b8d9c2893703692a46e4adf4a4f6031

  • SSDEEP

    12288:XYkc9t2Sll/19HvwQlSL5qJF0V3KPJ2lUgZ:XYkcL51NvwkG5WWEo2gZ

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 37 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IK_Multimedia_Keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\IK_Multimedia_Keygen.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      C:\Users\Admin\AppData\Local\Temp\keygen.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:4596
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3dc 0x300
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2660
  • C:\Windows\system32\notepad.exe
    "C:\Windows\system32\notepad.exe"
    1⤵
      PID:3432
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1548

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\BASSMOD.DLL
        Filesize

        33KB

        MD5

        e4ec57e8508c5c4040383ebe6d367928

        SHA1

        b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

        SHA256

        8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

        SHA512

        77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\R2RIKM2.dll
        Filesize

        6KB

        MD5

        d186f4a30faa060aa2c4e0ff630f78a2

        SHA1

        345f36820ecb5e4c8d05fc6e93acb36ba6b53dbc

        SHA256

        235d3850ee4764f6b52fc81645f5498cd8b8c6311358a71ac91739131c2e7d09

        SHA512

        6a1855b1a713a05feea8da2343837a48b3ccd94d8f22594c2da57644f69a239e450acecb801feb3edb7d0f1fec53595281d7fccea65336a9d1da7923eaceac74

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\bgm.xm
        Filesize

        53KB

        MD5

        a30878984af33ee69ace5cf8e330b974

        SHA1

        916e9098ad80f3e79502adac42820b1ffbae1eb6

        SHA256

        498eadc5b3d65aaf34b8496954c3362f033297c489d7ef4559cba8890c530171

        SHA512

        f3ddaf6d3b4e12928efe5c167e8d010c858f19d4bf5a9698b4aabe21e53b5762ad667c81bd4e119083b6213bc96869056538dfc6fcdfc8147cfb1f1ea0c2162f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\keygen.exe
        Filesize

        610KB

        MD5

        b6d39c50d23cfba0d96feef649832d1e

        SHA1

        db7ff5bf4036e5e7a18f3d8108d13da72c4de4e8

        SHA256

        1b69523dda0415ebf332f86310f8e0eedc818354e332cc0dd844b02dc50fc486

        SHA512

        ab4b408f0c16de82d6088a9cb85f49a0fc27e7fe191ae70ca246b1a6443b3b16bdd736c41ff58b0ee0c0096eb2176781f5890a2ede21ece5ea5682a27e854399

        Download Submit

      • memory/4596-6-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/4596-11-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-15-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-16-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-17-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-18-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-19-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-20-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-21-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-22-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-23-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-24-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-25-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-26-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-27-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-28-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-29-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-30-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-31-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-32-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-33-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-34-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-35-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-36-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-37-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-38-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-39-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-40-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-41-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-43-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-44-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-45-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-46-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-47-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-48-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-49-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-50-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-51-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-52-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-53-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-54-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-55-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-56-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-57-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-58-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-59-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-60-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-61-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-62-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-63-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-64-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-65-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-66-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-67-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-68-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-69-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-70-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-71-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-72-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-73-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-74-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4596-75-0x0000000010000000-0x0000000010013000-memory.dmp

        Filesize

        76KB

        Download