f18f14ec50247a31a03a220e132f9317e2ac12e3905e500ba046d394575b66ee

Analysis

max time kernel
86s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-11-2024 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

instextras.exe
Size

1.2MB
MD5

e49ddddd2f578b798d1c6e316d39b10a
SHA1

060ed2374e84314da3893e30873b253d0f8edced
SHA256

ce8143c1bb08cfc3e2f6ef150ea77966b18aed4e010c84e299c139c4b9eee561
SHA512

52363eff8b45530e8e3b304f0bc8801257f8b9eaf7e1ddeb5652d9b46c3ea75cd915b1104fe6b23f7704988b55ddb1583797d22b113e99c1ce10b43002b6e3fc
SSDEEP

12288:mfY5AX+U4h2Mh9UChdlRMfY/R22LqHDuSn5QEG39fPAkrE4yrBOXDfaNbckXLt:mfYqXaQMbUk7MfbRjfI5Pdo4yMybckLt

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
4048	instextras.exe
4048	instextras.exe
4048	instextras.exe
4048	instextras.exe
4048	instextras.exe
4048	instextras.exe
4048	instextras.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	instextras.exe

C:\Users\Admin\AppData\Local\Temp\instextras.exe
"C:\Users\Admin\AppData\Local\Temp\instextras.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nszAB54.tmp\Aero.dll

Filesize
8KB

MD5
0cb4305037fdbb31b1763beed3564f7f

SHA1
b584fd7ebffc331b2a08c6c7c74ed1193f3fa22d

SHA256
4f8ac32dd2cca85f9a018eb6a29bf0405af41a725a8a6ff6a7429704feef8d7b

SHA512
e85449f23ac1742b59fb5299737cfdc1c0aae79c0c247f47fcc7887c433d085087d23e7bb521b9f63e470772e0b5e1e3b3afb9b9244f12b425d43d5205a21a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszAB54.tmp\Crypto.dll

Filesize
3KB

MD5
59b7a89dbff790d69e01409dbc2a2788

SHA1
4ebbee3ebb35add8c1a0e436a4e4c9c5ba47c02a

SHA256
17b9038e66f3f45c4e775b32ad1bf076812d1ca4149198b47f4e0eda416859b1

SHA512
c202034bfbb7aca777326e7fb336e977e79cd9ba3bc7c17e5b6ec9c0222f6df2e1675b7d6bcb3de04a84e6226b193a5e0b81af950bc659fab83d12cd2fb84c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszAB54.tmp\System.dll

Filesize
12KB

MD5
192639861e3dc2dc5c08bb8f8c7260d5

SHA1
58d30e460609e22fa0098bc27d928b689ef9af78

SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszAB54.tmp\nsDialogs.dll

Filesize
9KB

MD5
b7d61f3f56abf7b7ff0d4e7da3ad783d

SHA1
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

SHA256
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

SHA512
6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

Download Submit