571c988a51735f7aa56a303c70f8bd2c16b5179418d4cd9b353dda4d347cdb43

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UltraSentry-v4.0/us_setup.exe
Size

3.9MB
MD5

4e88f871d018884757698195bed6d7d0
SHA1

cf01805d9b81b0ead91e18bad7f6b6bca3b30d6f
SHA256

f0d722f7a76d84267b0c881b2ec0f1be4c312228823ae108f416d9ea83165891
SHA512

f1d267622969be2bf8f18b33b4c0827e9c0915c911ca4f6856380c4a2f7a24e11bd7e75bf0f4a0414741178499466fdefe885d0f512a3ffbea0dfa9539c7dbb3
SSDEEP

98304:tI4O45jfFAMIJhuwF8zMCBxL0FUdQiJVG97tfp/NoO4s8E:W4tfmMIJ/FGz0FUKiJVoJoM8E

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3040	us_setup.exe
3040	us_setup.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3040-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/memory/3040-94-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	us_setup.exe

C:\Users\Admin\AppData\Local\Temp\UltraSentry-v4.0\us_setup.exe
"C:\Users\Admin\AppData\Local\Temp\UltraSentry-v4.0\us_setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1KG1M60R\unpack.dll

Filesize
34KB

MD5
705aa1dc6f5fb72a2182ffd2c95bfa2e

SHA1
08de4589e01d3f0f589209baf8b669fae04b5875

SHA256
ec8361e43f0f83d0da13261718b8791e5517375fce67b4055d390353a5b2ca00

SHA512
5d00edf396efc5c130e1e7071fe027afaaa35d4d746441a1f0e0736c4828941e55e49f5319f5c1739bd75d2b5e03504d59284b2754430e0053e3f8d5f2702e4d

Download Submit
\Users\Admin\AppData\Local\Temp\1KG1M60R\us_setup\plugins\0\CustomUI.dll

Filesize
344KB

MD5
8e3b15d1caa0c3792bf8f28452c74b66

SHA1
fde4aa9d34593981e489750bbdd94974f9ad5cb0

SHA256
8d13d27c4fca3ca77ac6196af0edc4b9a46677e98e2f7f52e43139438dab3366

SHA512
3766135bf3efed9f226835b914f3c5da3beae67f393778091899b769c278c7b42a7e8309036710aeee57fd56c819008bd36d9fb46a6740a39baa6dd1e7770614

Download Submit
memory/3040-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/3040-1-0x0000000000320000-0x0000000000388000-memory.dmp

Filesize
416KB

Download
memory/3040-91-0x0000000002CF0000-0x0000000002D4C000-memory.dmp

Filesize
368KB

Download
memory/3040-94-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/3040-95-0x0000000002CF0000-0x0000000002D4C000-memory.dmp

Filesize
368KB

Download
memory/3040-98-0x0000000000320000-0x0000000000388000-memory.dmp

Filesize
416KB

Download
memory/3040-108-0x0000000002CF0000-0x0000000002D4C000-memory.dmp

Filesize
368KB

Download