036e41576e0c68e013114efc479bee0e5b9094c6e6260abc9f0bb24a497bb86b

Analysis

max time kernel
120s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DE_OfficeStandard2019_VL_64_BIT.exe
Size

1.8MB
MD5

dca0494688e1aa30bdc13716c58c92aa
SHA1

9b41c5d7f67ed0cd32cb1de5547496d79d8843b3
SHA256

036e41576e0c68e013114efc479bee0e5b9094c6e6260abc9f0bb24a497bb86b
SHA512

1f2bc26a94133691499e0c448df6ca2bc08c30e112688ea95e1daf43c80e24aa36b8fa5e7fe50195c7f1a94ea151c7076cc35922cc88c7b3dac534fbc02cd4c1
SSDEEP

49152:b8Scmhb6Y4OjhHcH1BRZUSwZBLvWmc9sAR3Shs:b8BY1q17ZHQJvY1Rp

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\International\Geo\Nation	setup.exe

Executes dropped EXE 1 IoCs

pid	Process
2536	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2516	DE_OfficeStandard2019_VL_64_BIT.exe
2516	DE_OfficeStandard2019_VL_64_BIT.exe
2516	DE_OfficeStandard2019_VL_64_BIT.exe
2516	DE_OfficeStandard2019_VL_64_BIT.exe
2536	setup.exe
2536	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2536	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2536	2516	DE_OfficeStandard2019_VL_64_BIT.exe	28
PID 2516 wrote to memory of 2536	2516	DE_OfficeStandard2019_VL_64_BIT.exe	28
PID 2516 wrote to memory of 2536	2516	DE_OfficeStandard2019_VL_64_BIT.exe	28
PID 2516 wrote to memory of 2536	2516	DE_OfficeStandard2019_VL_64_BIT.exe	28
PID 2516 wrote to memory of 2536	2516	DE_OfficeStandard2019_VL_64_BIT.exe	28
PID 2516 wrote to memory of 2536	2516	DE_OfficeStandard2019_VL_64_BIT.exe	28
PID 2516 wrote to memory of 2536	2516	DE_OfficeStandard2019_VL_64_BIT.exe	28

C:\Users\Admin\AppData\Local\Temp\DE_OfficeStandard2019_VL_64_BIT.exe
"C:\Users\Admin\AppData\Local\Temp\DE_OfficeStandard2019_VL_64_BIT.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe" /configure Configuration.xml
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79eb6464d380bf5344f12cd63ff7ff0a

SHA1
de364039e3aba69bc16887cbd4d8050b6522d4f0

SHA256
e00f49213d81ec37aec0f7f0264f23fd44da19db170cb6140c297fa4241b2e83

SHA512
681ad3ef7ea9d80aaeae50b7fc866ecf9d6d9b625a7ccc137b29ffdb092f8265bf94cf4a589283b80ed68d3420a9426dc28caba0669a696c5a75d9d23ebeacd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff1bf4d4baf4aa21866d9b47c5763915

SHA1
853f7947a0877cdfee5a4c58291b14feb309e6d5

SHA256
c754e779ee0b3125a915084275ee845b1d5caf96e1dbe45d6228687f581b4809

SHA512
b6cfb59004dafb2c21d8a70601c0800fe2acf7e5785fa2cab902b5878269efc53e3b0745e899fe10aaf8f825d33c1c53c185b4a65e8f70163b15ee3aa047f728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dba01aa77c3f31765e468b5a4b92e04

SHA1
e7d5c29a05fcf699f0ea76e16c95f580fc9a1915

SHA256
73b34f2c707ddd1fcc566bea8939846ba371790534d16c0b3643ac7a1353d127

SHA512
01f0ddf5fe0c8b5df6483fd43a127a9978815aed57a82dd9394d5e2f1f3e816017e2b5ccb90188f6c26950f1b8810734f144bc60358dc290f0d79fd3e0915caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4596fbcd2ee6a6e0be28d7ce0e4f41e9

SHA1
04787d0c46544301561e336e487067a3c8f2b404

SHA256
30135d9b99fed820ef4bd76999676c20f5b0d7ff7a976ea0d495ae2cba43e534

SHA512
ba144e8b84ff46187bc5c2fe84763e2a453366fa1464c57e7d214419d427e82e50daddd0babca6a2cda787c9b7d06fb7cdcccb23797f5d75237f4ab56f98b8ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51581aa7bca42131d8f529aa385c0791

SHA1
7a9ce4739aaba9370ba1d9e013c5e2811cc2e5ac

SHA256
25d53816d412cd0daa8d4317e6757842023dafcf8db4ece484347f169f147ea7

SHA512
ab2195e7b71d231e259abd567e6239e517643982f2ee317368df085493f7cdaf46c8ef5056e4092143a018244e6b7f9cc3c58954cf6e1a6ca58ff0952323e312

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5b9727933d47286051ab666eb204029

SHA1
bc1f83f9c13e025f456e889e609d0cbc2bde132b

SHA256
7e5551c77dbcaa98a88cb95b1c4694feb47c7aec0a008f07e2a50bcc30c45ca3

SHA512
8857cbd73154ab0c64edfc288364f3cb02fcfeb546549796d0a12bcd0bffeed5d5386c0ae003a3023314b3cd07b46cd111fc01027e8ed93c79e7493b8e854b33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48f03282c61d1f70bff9fd901f06ed7e

SHA1
181e3931ed5c84d9dc3f7199119ee82e3388aa71

SHA256
412619fdab73296d834d69c4273d56284bd122aabbf8a194fae3708d52738722

SHA512
6358194597ca4c8da9b5cacd99d8f24daf41191111c7452cc0a1ff8e1262906a5690d8ac555ba6b9cf8ea095ab6db4bf031a4dd6f2dc3431a5edb426b3affc1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89d5280a5ab2bd7cbc71efa0c90f0239

SHA1
b20f4ca4cec3104b2d889e3449380c52d34d2cae

SHA256
6e759add8305ee0e233a1e156f322252e3acb1fcc69e29283d8a439a0e68d40d

SHA512
a629bfa995b909bb3c5c21c76d1ef3c6a4ed2a6dd0a6acc7172cbaa33da7b0ddd39f9dcde676667f51f8daf9ca07f5f98dd6c7c34dec48392dad7068b71f00fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d2549382bf90edaf54d8b4417de4d92

SHA1
e4d4b33e7611f9eea7344bfc7b6f8c2d72101545

SHA256
528122f1036763b6462b1633a57345974f21902623ed9192262b4125ba7a170c

SHA512
3d7ea38c8e34ebaa2b6dd48dfd3db4bf78079758466e1e30980650d0af9e84de81ae32874fe1f87553c4437aac46f7a999b37e01bfac090d31ca5c12bf0df140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d5e42c2056bf784eca3ff7d156760f3

SHA1
e41a56cf8683092fd42eca0ce370ccab9303b706

SHA256
fad495b40f5b9b35bd2febaa2e0b1b5b3fe0ee943484326deb450c7f7abd7b22

SHA512
41a801d6996ebffc84db56aa93f297eca4f24b45fe6669c6529b7046fc066d13c0688a91c5ec36ffe6b5b713e23623940a09e0a4887e2e03bce4ded4d51792b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7646139440697035c31a183009da0e12

SHA1
4cb6eaae74ddd980e142469620a8d7b8593df75e

SHA256
cd09c7818d9fcc80a26397e1da605a2f831d7df4be3e96e3e56f6653c8ac7a5e

SHA512
46cf2874f981d3c370e079a14ecf61b1bc34203c192d665b503e93465c09f7be7954e50996ce5f049a3147228655113ca7c2b7e7a2295e62f190a99cff255c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa57004d09cb3885c621486112ad06a0

SHA1
5e61cc4ac563245ba38a61fef11b259c65c7fc93

SHA256
66910a3cd603d75f660d91453faf9b44c0b170f29effb32f2a1f2fb28d4e4697

SHA512
72319a3c69f134a27e1df92f3056e3aee4573790933da4583592d70f9f871fba8a5bc91a012d3950f98cc6766901dfb0e77655157fba1e83da2b393976096c16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29207c0b056b39981561e95bed73a4fd

SHA1
1a582540d35daab701523b75c7d8261f1f1a0cca

SHA256
485ca72b69da61e41e5189188296d0995528d8659be81c82418d8e0ba96be0cc

SHA512
1c441389de379aa9f2f590ee94b8caa22d60f3af2b235d7561cd7a03b646ccda60b83c09a2e944835467a5c74cbd81fa5d7a5e00511e0f6975b4ae93c5ab6e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eaf914ca1ae082ab274629bf40c32720

SHA1
8c77d3d0a339bbca160f17b938bcae4654774eb4

SHA256
155cb78f49f534a37c4621227d5a3861382c26dca2edff569315ed325e30cce6

SHA512
db3d1310fe71098932a939a4aa672e30afe93cfb5185d2de208c3edbc9eb4bbb05ec11da292cd6158bef81d7126ddd4ffe5acbe93fb0cb22a68e318eb3e72f8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
053b1972aae1928cc225ac11755e0c4b

SHA1
35d47057eb7e4168aad35d10dd2a8a51890afbd7

SHA256
a960f5ad3a7bf7d5c689031a7f76a5af0c7d8c3af7c951b4508e86b5a79d2f2f

SHA512
8aced95371f32296aedcf7d841830b328cb87dd04d47728422ac4890878713326c441f2de2665d9f2a7be6ad347084ebe41978870889eae78d1e6e9241642ce3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f47502e532164c4e75ab73b575a85b74

SHA1
3f29da52f748bb96b57211ed911c3e53cb63fdb1

SHA256
93dd3f557ced7b1bfc93fe1fe153c7be4540e0f52077ca61494922962d091547

SHA512
a2e2921f9b3a20168c82c007ed900058ecb99a4303545deeec896fe7ff4eef66c8bdb28919e8446bf74181d168bc7ea11ad80701023b74e2fb6b37ccb1e96161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
379c68d624927ae2c184af7f217b4426

SHA1
c318702ab1006486742ded2882510cb578007bdb

SHA256
9ee1e177f18e97842f676be2c8efcb090fdd1acf342d685bf6de960c2dcad62f

SHA512
d9091f22073315ac66fba97a9d67ee7bd755a5e06e859059351d10ecda71ce2a4c0092b599dc40e5f2ac6cc72d323b9c930f13d7d31926cbf74f3d4b866c9ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1fba78e108637235349ba2aca60f0ce

SHA1
a4336fa361996d79b7f8ddf1201cae009042d4ef

SHA256
3bf672e3cddb9fcfb6f76d2de85662cbf9d594acfa666e4070b948cfcf3163f0

SHA512
dfc487fe058daf9a948457d023c9ad886385f63a02601cdff09db286dbc4c573040bf731d733ea731488d835fcde30d75b1a3595ad3aba1f4cf6cc467fe7a938

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74dbe675681b7fd5a20665ff44362875

SHA1
02d410d08a7ea3882a4e14954289a5418b0e6fbb

SHA256
74c9e720ddf78dc2804aec4af47a98d96b7aa6a5e21149661aebf54c74818445

SHA512
73b0b9bca1800c08f389387bf1394e121d33d47a5dd297b63686763942e34eef611e8d4d96a85eeb4fb4f1d81757009a0dba4e4585c34f7e77bec9d628740a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D91A446\Configuration.xml

Filesize
494B

MD5
f99669671a6aad1bb2d5625b2ec756e7

SHA1
e428426b77316c04081b4926b296d6599578bed8

SHA256
f1087d18e86600a97de7e5394bf9dd8fb96ddc985d166cb100df56224a217ce6

SHA512
b59a35ed1830dcf74e69d6f8a8af65e76e120707b324d7842be68c3671a03854962495b65e8a9cafe542d70d3d23b5fc46eebfc7f148ec6114186e988381f506

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
379KB

MD5
eedfe2c2b14c2ec1705b34d5ac516259

SHA1
6b939fa843b54c21c26ef23868b462b20c3f049e

SHA256
8e4ec7f606dfb129cfc221ba95318ef64a24f41c8d6d254a63616014a7092811

SHA512
3ff3c36782706d983d13212f94e050439e13b3179412b3135b324fc932c456c33cc8f351bf72f78cfc05eca848337485de31724d40b9d0586e46cde306e5445c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
2.1MB

MD5
293bf281a71d45948584bfed8f74a4a8

SHA1
c93e1a1dca69cd3c846c9e9f899b995cf4bab20d

SHA256
77ac9c13a008601aee960603b4b8bbffc0a497dd3dab2104a54ec5f1cfd7755e

SHA512
ca85ee7c7856c8f932b27629ec06a200d023de0a430520ffb23d7ee35a3d828def05169adc5df6eba80ba0c54a8d345c9bb4c65083193209910709d56d8a2ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab783D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\OfficeC2R9F7D5847-EEA3-4F87-9820-996B846DCE42\v64.cab

Filesize
10KB

MD5
09b53e26f7d2135ad55b37f896e598a4

SHA1
82e1eb99b2bcda7303a88f4796f337e5010f6611

SHA256
b1f8e7102e5ed77a14c254fa586d78887d2a4ff4f9044be9756a10d43ee470f2

SHA512
266bbb52a23536a57796130334af36116447cbe12b6abc2abea9828ae18b6e303ba05d7464caf7c9337a8f4472f55919a46cbdbd4fffef9719565fc23e3c4732

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7841.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
3.2MB

MD5
9764cd24a6631be8df3b5e31448201ac

SHA1
ebaf7b422c17e5532aa6ca8e2443e43e1b0e1a91

SHA256
0c3879649e7f836535216b69217d57de7569e83c7d5a2472d90bdf6d80de7843

SHA512
78851614164e99b016d4d97318f7c2a70260befddf193ea1fba311fd6d324fd25e0d4ddebb4a376c60bfbd5d02c1e9d5580447a9d790cdfd3fa93c23a76b58d9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
1.0MB

MD5
d5aeb1ae1bb05a415b49c1d307960d98

SHA1
45157f2f7653901c3e9ca6c5575f7ad905f64739

SHA256
0671a252b9e03d75ea8f4cbf2811239fda54e6229770d2497397899282699c26

SHA512
e08e883a81a0ec20c7188c8b2cb48f0027bfad8002d0dfb32d4d8267714235c8599d8dd933629a6f5e9fb86753ff5aa2f1ad0738daa5a8dc6d8bc566d7e270ca

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
2.4MB

MD5
42fe660f25a59151ec157842bdca1fe3

SHA1
888e419223383e618359028431431ee1a96f6a5c

SHA256
3d9b673a656e9fa83e7c96161538e8e94797d27fb04891e0b2496c183b334dfe

SHA512
b9bc9612c24a60c3ce34dd0cd85d075720611f41e8ddf87a50321158a751ae2e92b8b16ea6f0d4fdaa6a08db0add87fecac3db9fde1c4bf0073da41833518768

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
2.1MB

MD5
d067ece3334aba666928a046bd0129d0

SHA1
5013abe120ed81481d5540c4c3dfc18558a554e7

SHA256
871054241a9ceb5b45d91a4fec839bbb0973100ff95657614c28e7cf995ca75a

SHA512
b717187e1137c1edad63711f7830319ce9af227e48d8709d528c754327b1f0a2d6069e79fb06287ac586631dc721314edb8c3dab1a4f7803684193a9e5822271

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
4.9MB

MD5
b374fa0e7e34b9ce9c142fe80e1efade

SHA1
2537f4523b12e9801f2acb8fe38d5d725a56a61d

SHA256
a87105965530799babbb71a1fd52dbd7cddee71c40e2c37576235d156ff02027

SHA512
8f5ff73932568006c38b9e1bb8daabf0dc6e419fc1e6d96159fb1234439b8ab9b283d617540cdc5860538affea89ba0a553f4ccf2b9f1949d9e907ba56c2f74c

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4D91A446\setup.exe

Filesize
3.3MB

MD5
b76ad39026a2ea0855bdaa3dedd73528

SHA1
46e2676de304e8c04421e790f94efb0e0ac4c997

SHA256
8e92a5295e429af2fde79b01ddc482fa6798e273c4ef7d9991747658a8eeeb7a

SHA512
d374d441593254b6630d3c6a673bb4f1d3e355c07ba400cb1fda3430037fdb2856639966490c7695da1582caf9cf367f42d483f9a790f3f470dae668a32b085f

Download Submit