2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497

Resubmissions

01-12-2024 00:29

241201-as8kssvmek 7

01-12-2024 00:19

30-11-2024 15:39

30-11-2024 15:34

07-10-2024 06:29

Analysis

max time kernel
90s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-11-2024 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe
Size

5.1MB
MD5

6ee7ac1240012848440758195631f74c
SHA1

45a42a492d9d02cc3457a404377c73c69c219e92
SHA256

2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497
SHA512

e5af0638e0a44e076432ea0af9c814b3a7e2a65c4acf185a5e836ee12a317895706bf4d32ae66af829fd6bb8aac0ba3ddbd650d0a1482dcf189d930e666d0525
SSDEEP

98304:fn3Y5tIFveFoHkXrloeemyJF2yg2YsB32cgOSyj0sn1zf1x3KEkKyawM58iawWHk:fn3HJeFMkblFByfg2L32q/ndNx9kRM9P

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2052	2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe
2052	2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe
2052	2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe
2052	2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe
2052	2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe

C:\Users\Admin\AppData\Local\Temp\2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe
"C:\Users\Admin\AppData\Local\Temp\2d9c9ba012ae8a50b79ef502e6c7dc05451eacf69c598c54c31c91b9c1623497.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dkcuninstall.dll

Filesize
109KB

MD5
826fe2f255324f7ab00cc90d3f0747b6

SHA1
c7056ee14d12423422376fe950753ac599f5a6ca

SHA256
54d3b13339ab132e4d2a61ae5a272deb0aca8d9108ff19a9831f6c73da3fd289

SHA512
e4352cd497c8bc72cdadb6fe02e24a687d7e4989455e208d9bc437f9ef64f370fb8231fb749189e736a7a7146b54ed0c721f548bf000cbd4fb36b3426ae8b90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd9A2F.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd9A2F.tmp\nsSkinEngine.dll

Filesize
519KB

MD5
eab7fd287509faec84e23cbdc1a709a8

SHA1
b6d659af538f7d57bd679e8c7626d470392c4429

SHA256
9702f538888f45fca67a1e2c2d7aa46fe42010c1aed5b0f34a51f989347ed9f0

SHA512
701f089f55bba49e0a9ba906fafce581693ccc99d445265ec1ea3794a4b5044f1011d90a9214c60dc0ed6be48f4fc4e9882ba07136268f7ebb0156e0b206d15d

Download Submit
memory/2052-10-0x0000000004A30000-0x0000000004A4B000-memory.dmp

Filesize
108KB

Download
memory/2052-39-0x0000000004A50000-0x0000000004AD7000-memory.dmp

Filesize
540KB

Download