Analysis

  • max time kernel
    142s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/02/2024, 18:47

General

  • Target

    tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe

  • Size

    42.0MB

  • MD5

    e3e83d9e59dc66f9328940640910a731

  • SHA1

    aff9d47058b4b172c65db8f8d0d486a3e297a916

  • SHA256

    459b0cb9830f52ace1106ac9a2d636423de893fe301743891e0a2879fb8cd8a7

  • SHA512

    8c46106ffa2caf8ef03cea51b871c1b3cf756d2a3c9f2a34c3a0959abb8708fda7378dcd432c84104294c2e96ecbc3278a547a0ba0a21ff9e8b1cbc2c76705da

  • SSDEEP

    786432:WtHoZOx0E52L17X274NtKP8ih/WahlNel6wBcImhSZ4+S/buMdMPDTbU0k0vJhHZ:WtDx0k2L1WMKP59WelNeltcdd+SDDWh7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe
    "C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2292

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • \Users\Admin\AppData\Local\Temp\nsi5034.tmp\LangDLL.dll

          Filesize

          7KB

          MD5

          bc11f58aa5fb1a877d5a236eecf105a2

          SHA1

          8a9fe378027ef83659872f80d75d90d65b44cf5e

          SHA256

          9a70dd9e812fb61f11c4bc9335461cd44f3076fb70c898aa42858047c2b1a93b

          SHA512

          2f1fdfd9ba5761e48b39850122f20adbb5ad3d3a5827fd2048d5679f1f298dc7859794c090fd44f254da065fcb41efabe5b4110a01dbbf9b591a843c355bda72

        • \Users\Admin\AppData\Local\Temp\nsi5034.tmp\System.dll

          Filesize

          26KB

          MD5

          ebf5c733481e2f6ddaa04fab99553616

          SHA1

          7a979fa5609dd29315089c8640fabf3ca01be51d

          SHA256

          3b7ae06666fb4277974766409349d0f14d4358e15a20c6c078a29c6021b4a779

          SHA512

          37a61a13ca08bcd0c7bf84c0d1ec4c4d7320b57d60fa702a1c06f8e2a5a8a9c16b4b6756147357713ffafe26dea9ed42f45e5279c4999121a5589f1069760d8c

        • \Users\Admin\AppData\Local\Temp\nsi5034.tmp\UserInfo.dll

          Filesize

          6KB

          MD5

          468810235cebba9d311137e11ff0fa49

          SHA1

          72b1173f1ca6f3d1733e5487b04a89f7e7adf385

          SHA256

          48e8fe27774165eee31fc04266c80b553bc80799c103ba7a0e378d68dd023172

          SHA512

          deb5ffbf92e9668af544a88d329434fe271c8663517ec2d20609f015d447b254d17b44f3259db6d7d8b4fd9c22a645f0e1b4842dac1434eff892dbab28cdac76

        • \Users\Admin\AppData\Local\Temp\nsi5034.tmp\nsDialogs.dll

          Filesize

          12KB

          MD5

          87cdd064d650b3cf72f8a103bd73bace

          SHA1

          f8ea12681f5a5bb97ad9b525ef12e88fda832f8a

          SHA256

          a29754f0b21fbb92265f1fb924b3423a330704bbf56796da67aeca876dbd3326

          SHA512

          6ef757c6e8ad737a3755d0e387c60b596b2261ae10d02b293c1da2c1732901079a00d7f8a5fdb203f8cf984b2d8dfcaac99a43fb8ac011eaab85b56270223a88

        • memory/2292-10-0x0000000000400000-0x0000000000455000-memory.dmp

          Filesize

          340KB

        • memory/2292-12-0x0000000074990000-0x0000000074998000-memory.dmp

          Filesize

          32KB

        • memory/2292-11-0x0000000074E50000-0x0000000074E5E000-memory.dmp

          Filesize

          56KB

        • memory/2292-29-0x0000000000400000-0x0000000000455000-memory.dmp

          Filesize

          340KB

        • memory/2292-31-0x0000000074990000-0x000000007499A000-memory.dmp

          Filesize

          40KB

        • memory/2292-30-0x0000000074E50000-0x0000000074E5E000-memory.dmp

          Filesize

          56KB
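The four "Loads dropped DLL" IoCs above all sit under `%TEMP%\nsi5034.tmp\`, which is the `$PLUGINSDIR` that an NSIS-built installer unpacks its plugin DLLs into, and the four names (System.dll, nsDialogs.dll, LangDLL.dll, UserInfo.dll) are plugins that ship with NSIS itself. That is why a legitimate installer still picks up this signature. The script below is an added triage example, not part of the report or of the Tesseract project: it classifies each dropped file by location and name, optionally checks its SHA256 against a known-good manifest you supply (the page gives no such manifest; `known_good` is an assumed input you would build from a trusted NSIS install), and verifies a local copy of the installer against the SHA256 on this page. The `REPORT_DROPPED` entries are transcribed from the Downloads list; `PLUGINSDIR_RE` and `NSIS_STOCK_PLUGINS` are my own heuristics.

```python
"""Triage 'Loads dropped DLL' IoCs from an NSIS installer sandbox report."""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Plugins that ship in the NSIS distribution's Plugins directory (assumption:
# list assembled from a stock NSIS install, not from the report above).
NSIS_STOCK_PLUGINS = {
    "system.dll", "nsdialogs.dll", "langdll.dll", "userinfo.dll", "nsexec.dll",
    "startmenu.dll", "splash.dll", "advsplash.dll", "banner.dll", "bgimage.dll",
    "dialer.dll", "math.dll", "typelib.dll", "vpatch.dll", "installoptions.dll",
    "nsisdl.dll",
}

# NSIS creates $PLUGINSDIR with GetTempFileName using an "ns<letter>" prefix,
# which yields names such as nsi5034.tmp. Heuristic regex, case-insensitive.
PLUGINSDIR_RE = re.compile(r"\\ns[a-z][0-9a-f]{1,4}\.tmp\\", re.IGNORECASE)

# Hash of the installer as reported on this page.
REPORT_INSTALLER_SHA256 = (
    "459b0cb9830f52ace1106ac9a2d636423de893fe301743891e0a2879fb8cd8a7"
)


@dataclass
class DroppedFile:
    path: str
    size_kb: int
    sha256: str


# Transcribed from the report's Downloads list (constructed input for the demo).
REPORT_DROPPED: List[DroppedFile] = [
    DroppedFile(r"\Users\Admin\AppData\Local\Temp\nsi5034.tmp\LangDLL.dll", 7,
                "9a70dd9e812fb61f11c4bc9335461cd44f3076fb70c898aa42858047c2b1a93b"),
    DroppedFile(r"\Users\Admin\AppData\Local\Temp\nsi5034.tmp\System.dll", 26,
                "3b7ae06666fb4277974766409349d0f14d4358e15a20c6c078a29c6021b4a779"),
    DroppedFile(r"\Users\Admin\AppData\Local\Temp\nsi5034.tmp\UserInfo.dll", 6,
                "48e8fe27774165eee31fc04266c80b553bc80799c103ba7a0e378d68dd023172"),
    DroppedFile(r"\Users\Admin\AppData\Local\Temp\nsi5034.tmp\nsDialogs.dll", 12,
                "a29754f0b21fbb92265f1fb924b3423a330704bbf56796da67aeca876dbd3326"),
]


def classify(f: DroppedFile, known_good: Optional[Dict[str, str]] = None) -> str:
    """Label one dropped file.

    Name matching alone is weak: any installer can call its payload System.dll,
    so when a known_good {name: sha256} manifest is supplied the hash decides.
    """
    name = f.path.rsplit("\\", 1)[-1].lower()
    in_pluginsdir = bool(PLUGINSDIR_RE.search(f.path))
    if not in_pluginsdir:
        return "unexpected-drop"          # DLL outside $PLUGINSDIR: look closer
    if name not in NSIS_STOCK_PLUGINS:
        return "nsis-custom-plugin"       # third-party or author-built plugin
    if known_good and name in known_good:
        if hmac.compare_digest(f.sha256.lower(), known_good[name].lower()):
            return "nsis-stock-plugin-verified"
        return "stock-name-hash-mismatch"  # stock name, unknown bytes: suspicious
    return "nsis-stock-plugin"            # stock name, hash not checked


def triage(files: List[DroppedFile],
           known_good: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    return {f.path: classify(f, known_good) for f in files}


def hashes_of(data: bytes) -> Dict[str, str]:
    """The four digests this report shows for each file."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_installer(data: bytes, expected_sha256: str) -> bool:
    """Compare a local copy of the installer to the report's SHA256."""
    return hmac.compare_digest(hashes_of(data)["sha256"], expected_sha256.lower())


if __name__ == "__main__":
    for path, verdict in triage(REPORT_DROPPED).items():
        print(f"{verdict:28} {path}")
    # To check a downloaded copy of the installer:
    # with open("tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe", "rb") as fh:
    #     print(verify_installer(fh.read(), REPORT_INSTALLER_SHA256))
```

Run stand-alone it prints `nsis-stock-plugin` for all four IoCs, which is the expected outcome for a real NSIS package. The hash comparison only becomes meaningful once `known_good` holds digests you computed yourself from the plugin DLLs of the NSIS release the vendor built with; a stock name with a mismatching hash is the case worth escalating.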