9340ede49c5a69e6830f3ed43e34f2c4c8b79c635b72eb197fc7916b2b79083b

Analysis

max time kernel
102s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2025, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/arhnctrlr.exe
Size

110KB
MD5

7ce043d3bd876999b198821396416a9b
SHA1

e8e8aa0d3cc4ee753c33b398b8a06f398c7d43f1
SHA256

7c9fba0b2350f30cf7e64007eb76f75a09124608b97db2a042d0b52099966f10
SHA512

ede3a4dbe0dfbe4b714b2ce5ddd5a67a623785b227bc4c4a0081ee6f04063652caec6809bae4cfd22ff3204df36d65bb41e69d2ac953b7479d5e64c0d746b7ac
SSDEEP

3072:GgXdZt9P6D3XJyV3z8pkx3zvf+4D8On/Rj:Ge34QV3gpkZi5SRj

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
220	arhnctrlr.exe
220	arhnctrlr.exe
220	arhnctrlr.exe
220	arhnctrlr.exe
220	arhnctrlr.exe
220	arhnctrlr.exe
220	arhnctrlr.exe
220	arhnctrlr.exe
220	arhnctrlr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	arhnctrlr.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
220	arhnctrlr.exe
220	arhnctrlr.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\arhnctrlr.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\arhnctrlr.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:220

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsh6562.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6562.tmp\GetVersion.dll

Filesize
6KB

MD5
5264f7d6d89d1dc04955cfb391798446

SHA1
211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

SHA256
7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

SHA512
80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6562.tmp\blowfish.dll

Filesize
22KB

MD5
5afd4a9b7e69e7c6e312b2ce4040394a

SHA1
fbd07adb3f02f866dc3a327a86b0f319d4a94502

SHA256
053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae

SHA512
f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6562.tmp\registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
memory/220-31-0x0000000002981000-0x0000000002982000-memory.dmp

Filesize
4KB

Download
memory/220-29-0x0000000002980000-0x0000000002983000-memory.dmp

Filesize
12KB

Download