097ff3850e01281257617e3099d8b22239243fa2e3ff9756f2dafa7ab44b9f98

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tesseract-ocr-w64-setup-v4.1.0.20190314.exe
Size

28.1MB
MD5

c64a73d6e22401c0601dcd58477ce2eb
SHA1

d3817ffd0c2795151afef46ae0d92e471a2544d2
SHA256

097ff3850e01281257617e3099d8b22239243fa2e3ff9756f2dafa7ab44b9f98
SHA512

828481e485f98a986d7141b9aab002767880245d5e5e0a2b94b9123c3b345df396571b4cce0da767d5623f039da238fb860a8795a571e01b905015c980e19955
SSDEEP

786432:57nvk5R+QDaXUS4S4beOGrQPIvJuYsjuPMhx/h03yRIgQ:lvkiSbeHgCJRdPM3aXgQ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3232	tesseract-ocr-w64-setup-v4.1.0.20190314.exe
3232	tesseract-ocr-w64-setup-v4.1.0.20190314.exe
3232	tesseract-ocr-w64-setup-v4.1.0.20190314.exe
3232	tesseract-ocr-w64-setup-v4.1.0.20190314.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-v4.1.0.20190314.exe
"C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-v4.1.0.20190314.exe"
1⤵
- Loads dropped DLL
PID:3232

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse92A2.tmp\LangDLL.dll

Filesize
7KB

MD5
50e43eb96f101554e09318a677f95709

SHA1
bab67432e892e21e0e85db75e700c700a9f5cb84

SHA256
8049632969d8698487c32d9861a6b994b37da89aa4db05b847b838b7f95408c2

SHA512
31e6a4857196b4b32f45d01a14ff2481fc748418d35586e06b19f5d7232c53bea373d6e354c21edd47edfaa0278f43944e5eac69466ba621fa0f12973ac0db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse92A2.tmp\System.dll

Filesize
26KB

MD5
dbaef88a5991e569b0419f757950f1b7

SHA1
ec1175428ad3af0148b1627ebf6f09d42c703cb5

SHA256
487c9b44388783296736db93be2a1f786f6051ba4282f8df54a4e1b94e272d56

SHA512
8df27eb6bd6511fffac4145ac79f88fde6d6681341460e78845e9c663e672999c89abb06138e6cea3ee66758e04b9aa630e68587cc222011d278b98981dd57be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse92A2.tmp\UserInfo.dll

Filesize
6KB

MD5
4b37b8a09300da0732f43fc1feb45de5

SHA1
a043533cdab901fa758eabf0883dd20a12beb92c

SHA256
95b6c0ebebf681f27cb993453fad4c924caf438cb4063dd5587a4bba8cc8fd85

SHA512
0719e426420ed0bbf4382e1b8bd217a86bff88292458b1f5a0959f8553fdeca5c0a39a011ab7a8f8880ba5672117dbef0f0a09e52a86f5bc5b889905786cd58d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse92A2.tmp\nsDialogs.dll

Filesize
12KB

MD5
b1b3911821a129b23445c829c1acb9d8

SHA1
130c3b53d54d6eb10ffc41b120a2c20458b849ab

SHA256
79e6b77aff2b543c547f920d54d8d3302f1fc6f6b42b3c262283e4e85d27825f

SHA512
401383999c2d17c717f14d56a251b15efbdd9024b197e0fdb2d0cc54552a9b1830c454924bb0f68b5499a2fe5e4979ed78451bd649e54945009d55f056ca6d77

Download Submit
memory/3232-141-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3232-142-0x0000000075110000-0x000000007511E000-memory.dmp

Filesize
56KB

Download
memory/3232-143-0x0000000074BA0000-0x0000000074BA8000-memory.dmp

Filesize
32KB

Download
memory/3232-158-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3232-160-0x0000000074AC0000-0x0000000074ACA000-memory.dmp

Filesize
40KB

Download
memory/3232-159-0x0000000075110000-0x000000007511E000-memory.dmp

Filesize
56KB

Download