932c9c9a4d1649348db66e47cc4559071c7f030a27e93ac62c82a61ecf5fdcc8

Analysis

max time kernel
93s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 09:18

Target

My.Summer.Car.v2023.02.22/_Redist/oalinst.exe
Size

790KB
MD5

694f54bd227916b89fc3eb1db53f0685
SHA1

21fdc367291bbef14dac27925cae698d3928eead
SHA256

b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd
SHA512

55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5
SSDEEP

12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\system32\wrap_oal.new	oalinst.exe
File opened for modification	C:\Windows\SysWOW64\tmpB85E.tmp	oalinst.exe
File opened for modification	C:\Windows\SysWOW64\tmpB89E.tmp	oalinst.exe
File created	C:\Windows\SysWOW64\OpenAL32.new	oalinst.exe
File created	C:\Windows\SysWOW64\wrap_oal.new	oalinst.exe
File created	C:\Windows\system32\OpenAL32.new	oalinst.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\OpenAL\oalinst.exe	oalinst.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact