5c78d98852f5e196616abb376c04c9b6467d85cc82247fea05a48cdbe4b86da8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

V3Medic.exe
Size

2.3MB
MD5

547196fe997e1754597d60b2333b3d20
SHA1

c72ce7ea3c0ce928b84ca1237d470b80aadfd456
SHA256

3f2134128c72d146ea83a3caa7dfc734c54e300c3c714953d2c19ed361e90e95
SHA512

e371cda8290ba02ceb2c3aac05ca9892395e966d565c59ccc45257e006ea9aa4de60e68976ccb96f9475f17c026a083548f99883bc4a4c887fe78283237d214a
SSDEEP

49152:EpJMYTmHVJ/yyo814cxdQMw9T+ImB1EFzE+7yirLG9:trvj1IMST+1AzNrLQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\AhnInst.log	V3Medic.exe

Loads dropped DLL 3 IoCs

pid	Process
2228	V3Medic.exe
2228	V3Medic.exe
2228	V3Medic.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	V3Medic.exe

C:\Users\Admin\AppData\Local\Temp\V3Medic.exe
"C:\Users\Admin\AppData\Local\Temp\V3Medic.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\AhnInst.log

Filesize
4KB

MD5
cc8394f9cdc937c83fefb69a4d353738

SHA1
00b4fbab76cb05aa595480c35b59fc0c6ff05eb5

SHA256
1f668540871ddc8f12b063e27c9deb74a7b7c861fdb3bf23c874d02dee1a1a1c

SHA512
dca2476e980a87c250129ae8bdf25632d09e609b9c4722fed0e464d6ab5471be427d3705bc996debe3bf423cb3f11217bae7efd61fcfd5b7f651fa208a2aaede

Download Submit
C:\Windows\AhnInst.log

Filesize
8KB

MD5
e8e7587554dbcadefeb9f1c2b173d0e3

SHA1
bc4e43628e280b611127002a538809b03a7371e0

SHA256
2693a1f64df0b1215ab58a5ae22d19488872bdf522f95283c194aed499c6b800

SHA512
efc7f91297186529318067feb45cacdc0d8094f69e3f4a39fca144713e77d5b05670510ce69db341d6f0b65305b44bb5ab99903c6c33e2962bb48f560f1cabb5

Download Submit
\Users\Admin\AppData\Local\Temp\nsi4F4A.tmp\AhnI2t.dll

Filesize
2.4MB

MD5
a5a5b093c4867fe34824b09b270387af

SHA1
f1201c2929e901e373d1cce6a9db9b89b5978d8f

SHA256
6b5e7cb789dfa9c2d83e847308d3f55d3ab8b35b445065e178e3511f1a159f77

SHA512
c9ea6cfa373ab3c958df119d662ac90c40814779fb9d729a1c51093e9263e08a16ec02acae17712d0c51131b88031e6892eb1a3a69b2276666b09781d742f522

Download Submit
\Users\Admin\AppData\Local\Temp\nsi4F4A.tmp\AhnIEx.dll

Filesize
2.6MB

MD5
53550ff38f2af7107e5fd901c75d5d1f

SHA1
b883d0246907943221992b8ac50a4957596431d1

SHA256
535fb261c44f8dd5a81cc57bbfb69c4429ec0a339cd0f46a96ec27e9441663c0

SHA512
9e21c3da22b64c1595a5645ed1563a42acd93edf2e6e14cdd0dc37e5ea28f843a279109428323bead784fbd35ed9c70fe3dfeea53c1f950ff4c1bf0966d5254c

Download Submit
\Users\Admin\AppData\Local\Temp\nsi4F4A.tmp\ambassmt.dll

Filesize
3.7MB

MD5
1d508299e62084c853b4ed23d1469d08

SHA1
88ab3c803731093a6fd4cead47d2aa6ccab79818

SHA256
d2a60e75697bae8405d57738c0b89c5c0c730083b571c47e6e7ad7d8d3e5b48e

SHA512
4e838defa6a0921fa691aff5732b4e63fed332483cad5028b3c6a787b7d1b31ca39552cf4157a7a5a2574c77dd2980b6d2ee5cd27008524773cec48b8874894f

Download Submit