84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1

Analysis

max time kernel
141s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ovisetup.exe
Size

4.4MB
MD5

1692aec61ddcdda471defa199c62d25a
SHA1

484af221468ddb534b74e12970de80d5dfee2b28
SHA256

84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1
SHA512

19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a
SSDEEP

49152:9Hox6U/D1LbDxklrSWZAhizWV4yFK73bBxaaNNG0pHSdtDLboHTBWpHg6UvM98IQ:2x6qaAVpchNG0pHA57HgR

Score

6^/10

discovery evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ovisetup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ovisetup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4296	ovisetup.exe
4296	ovisetup.exe

C:\Users\Admin\AppData\Local\Temp\ovisetup.exe
"C:\Users\Admin\AppData\Local\Temp\ovisetup.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
1KB

MD5
40920b525c4bbfac108294aad2502917

SHA1
542555cfa3a18c80849d240c63001b5a70df8aee

SHA256
36360f20346e4f1574eac0da47c70ae36bf332ab98addb351e18fb54072a856c

SHA512
46371e14755545d1b40d7780db9af9e040aa4d7936eeb7313cbf9e16ff86330bd6750f319fcde0de1d8694f036d869efcb04dfa61808814cdd7911ecedd9bcb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
5KB

MD5
6fb6befffb201490b994c55204d82973

SHA1
7922ea4cfc782ba1149d2c6cd19a9bf2bc33f0e5

SHA256
857d810599b0e7a2e730dc6e92cf106a5bfbf4fcfbcea804e027dce110526686

SHA512
b147fc991d351b0b9056ca0405c7af381f26607b1975cf6fbd852c9391a7f2569d5cf8eef930d94f9054b2d127a99e8c090f317248a3ea302f82ceec24ba0130

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
5KB

MD5
082a7d926d338620f948f2523343401a

SHA1
02f891a274de78c4becc8187a471089e9c1bf617

SHA256
6ca870f5f964ac82a2d8cdd59ea8da693cbb88b78d6eec51867da8fa31480ce6

SHA512
dd4a9a7fbe18a7328ffee21cca2c508e611ed188d2600228cf57df1375d0669e6c4be0bd18f0aca76135faa761f49946282d4fcb114fe0ef70d33d1e15d7a4d1

Download Submit
memory/4296-0-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/4296-3-0x0000000000401000-0x00000000007A1000-memory.dmp

Filesize
3.6MB

Download
memory/4296-1-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/4296-34-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/4296-36-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download