c6dc697b68f4744bfd38cfd8f62e179fd236ecbbcb7e7555fdabd2d30dac9f73

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup (1).exe
Size

3.1MB
MD5

3ff24a81ae3cfe0f5bad2904240743d8
SHA1

503599a23b1a77f7cd0e155791db2ef8acdcce37
SHA256

c6dc697b68f4744bfd38cfd8f62e179fd236ecbbcb7e7555fdabd2d30dac9f73
SHA512

1e9cf2a7371546d25180c1be3059b2f90f1018104b55214a83ea25b633a90151a80140bb6c7d18fd98501c0ee79865d8d6b68f3df7d8ea597bd0c92861d0fd41
SSDEEP

49152:eNEyYYC1hqiJckG38dBFOhg5/6qF3rjb/h4CNcTCP8xphzSNtOSe+aSc:UEP1y3+0hgh6u/ZcTCP8BzONaSc

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2188	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup (1).exe

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup (1).exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup (1).exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2288
- C:\Users\Admin\AppData\Local\Temp\7zS0F897FC7\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS0F897FC7\setup.exe --server-tracking-blob=NDFmYzkwMjMzMWM4NTY2MzA4YTQyYWYyMTg5N2YzM2RlNDYyMmQ4NWI0MzQ3MDVkOGQwZjk5YzkwYjM2Zjk5Njp7ImNvdW50cnkiOiJDQSIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9DQV9IVlJfV0VCXzM1NDYmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0zNTQ2X2QyZjZjZDY5LTU4ODctNDlmZC04ZDAyLTVhNWZmOWYzN2JmNyZ1dG1faWQ9NjE2OTgxNDQxY2IzNDE0OWI4MjAyMjQ2ZTEyMTBmZGImaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZnZXQlMkZvcGVyYS1neCUzRnV0bV9jb250ZW50JTNEMzU0Nl9kMmY2Y2Q2OS01ODg3LTQ5ZmQtOGQwMi01YTVmZjlmMzdiZjclMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fQ0FfSFZSX1dFQl8zNTQ2JTI2dXRtX2lkJTNENjE2OTgxNDQxY2IzNDE0OWI4MjAyMjQ2ZTEyMTBmZGIlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZnZXQlMkZvcGVyYS1neCZ1dG1faWQ9NjE2OTgxNDQxY2IzNDE0OWI4MjAyMjQ2ZTEyMTBmZGImZGxfdG9rZW49Mjk5MzI4NjUiLCJ0aW1lc3RhbXAiOiIxNzIyNDYwNjgwLjc5NTIiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI3LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fQ0FfSFZSX1dFQl8zNTQ2IiwiY29udGVudCI6IjM1NDZfZDJmNmNkNjktNTg4Ny00OWZkLThkMDItNWE1ZmY5ZjM3YmY3IiwiaWQiOiI2MTY5ODE0NDFjYjM0MTQ5YjgyMDIyNDZlMTIxMGZkYiIsImxhc3RwYWdlIjoib3BlcmEuY29tL2dldC9vcGVyYS1neCIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJiMTg0MGJiMy0wZmZhLTQ4M2EtYjZiMC0wYTBiNmZjYTI3NzEifQ==
  2⤵
  - Executes dropped EXE
  PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0F897FC7\setup.exe

Filesize
6.4MB

MD5
241331bede4cd250aeead156de3225c0

SHA1
4e6ebbfda62706203c7f3016d136560854841358

SHA256
b476f1c8521db36255a862af284f462eef77c4fd5233adb002137af7835f5e86

SHA512
9eb8f3970645315c73e80cea2af9364d8aa68d4e3383cdf21dd0393fc74857538639793e995a66b6bd58f086738981ffc364a06b23b129fab380d0e59532d712

Download Submit