5c78d98852f5e196616abb376c04c9b6467d85cc82247fea05a48cdbe4b86da8

Analysis

max time kernel
193s
max time network
287s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

V3Medic.exe
Size

2.3MB
MD5

547196fe997e1754597d60b2333b3d20
SHA1

c72ce7ea3c0ce928b84ca1237d470b80aadfd456
SHA256

3f2134128c72d146ea83a3caa7dfc734c54e300c3c714953d2c19ed361e90e95
SHA512

e371cda8290ba02ceb2c3aac05ca9892395e966d565c59ccc45257e006ea9aa4de60e68976ccb96f9475f17c026a083548f99883bc4a4c887fe78283237d214a
SSDEEP

49152:EpJMYTmHVJ/yyo814cxdQMw9T+ImB1EFzE+7yirLG9:trvj1IMST+1AzNrLQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\AhnInst.log	V3Medic.exe

Loads dropped DLL 3 IoCs

pid	Process
1720	V3Medic.exe
1720	V3Medic.exe
1720	V3Medic.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	V3Medic.exe

C:\Users\Admin\AppData\Local\Temp\V3Medic.exe
"C:\Users\Admin\AppData\Local\Temp\V3Medic.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsz8407.tmp\AhnI2t.dll

Filesize
2.4MB

MD5
a5a5b093c4867fe34824b09b270387af

SHA1
f1201c2929e901e373d1cce6a9db9b89b5978d8f

SHA256
6b5e7cb789dfa9c2d83e847308d3f55d3ab8b35b445065e178e3511f1a159f77

SHA512
c9ea6cfa373ab3c958df119d662ac90c40814779fb9d729a1c51093e9263e08a16ec02acae17712d0c51131b88031e6892eb1a3a69b2276666b09781d742f522

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8407.tmp\AhnIEx.dll

Filesize
2.6MB

MD5
53550ff38f2af7107e5fd901c75d5d1f

SHA1
b883d0246907943221992b8ac50a4957596431d1

SHA256
535fb261c44f8dd5a81cc57bbfb69c4429ec0a339cd0f46a96ec27e9441663c0

SHA512
9e21c3da22b64c1595a5645ed1563a42acd93edf2e6e14cdd0dc37e5ea28f843a279109428323bead784fbd35ed9c70fe3dfeea53c1f950ff4c1bf0966d5254c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8407.tmp\ambassmt.dll

Filesize
3.7MB

MD5
1d508299e62084c853b4ed23d1469d08

SHA1
88ab3c803731093a6fd4cead47d2aa6ccab79818

SHA256
d2a60e75697bae8405d57738c0b89c5c0c730083b571c47e6e7ad7d8d3e5b48e

SHA512
4e838defa6a0921fa691aff5732b4e63fed332483cad5028b3c6a787b7d1b31ca39552cf4157a7a5a2574c77dd2980b6d2ee5cd27008524773cec48b8874894f

Download Submit
C:\Windows\AhnInst.log

Filesize
4KB

MD5
540067a4eecefb383289e72bf3f72def

SHA1
cd2b10cddb085b0cdd227e4321e1143e2adac495

SHA256
4995c3fa106391c19864ee0b04623526b83022e5cd6a55140146c8e2f8562ace

SHA512
73111864415ab3ec3985998a7d20a2ff8c8d175a024161390e9e7cd71bf7d7cde290e595026599ed48e6346ac5ce212c533f3ed12545f19eb3259e3a32dc9c7c

Download Submit
C:\Windows\AhnInst.log

Filesize
4KB

MD5
b17732d06925bd7a6fd8471fc5dc1a34

SHA1
3f46086e5ca685ef9e514150180302b34d978dc3

SHA256
b2116bb3a222f45ab62513cdc3ee4b8878b5eda288ed4b154763c16a5bb8b683

SHA512
5b45895f6e474811eaf5e07a0c428c6f3f8d5e8d4b32e7ff2d145cd19e2ccb06b6b1c2865c70af851ec3dd085af4e51457cfd14f98fb3345f284d8e52994c9e5

Download Submit
C:\Windows\AhnInst.log

Filesize
8KB

MD5
641e3061d6cdbd86aea4513a43e12503

SHA1
7b991be9ffc5f477c4ef71bbf52a8af8cc09d579

SHA256
5be2aa2b902f5368c8ba2698b5bd12842bca5cf9e21a1ea73c466a2e34cb51a7

SHA512
8a5f30783aa50f56b8953df8aabe1d11c49259ae31fb6ba843fbe7bc5dd1d4b8df466dfc1451afa541c70a01993b58a200e6f3972e7ed3e5a6432f5b135d9069

Download Submit