7f1213bcbec4cc689540fbc38b994a25a60c4ba0e0e0d1d9457a4b3c5f360742

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

moviecollectorsetup.exe
Size

8.0MB
MD5

2c7f63d7d2dac4bcb1c37103dd553c00
SHA1

0ff06e14f883bafe6bd82562e20bb915fdcd5ef0
SHA256

dba06e03087ab5e3ec460ac485b17b173d5431d2ed6cedbb9f494803961fca72
SHA512

edb1b9d10107206eda52bba483b1159052d83598b7d788f2f9f52d77f0f52e99d0b0d20b7ab549de3135ee3392c40b3f903a72b1d40c289c6fadfe3128677d04
SSDEEP

196608:aVfB8jRXlmDWci3tUNYAymc7huNhOR/jr+7NvnrOkK+YD9Q:+sXlnci9UNYAroh8sR/jK7NvrO7nDK

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2188	GLB8391.tmp

Loads dropped DLL 3 IoCs

pid	Process
2072	moviecollectorsetup.exe
2188	GLB8391.tmp
2188	GLB8391.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	moviecollectorsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLB8391.tmp

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2188	GLB8391.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2188	2072	moviecollectorsetup.exe	30
PID 2072 wrote to memory of 2188	2072	moviecollectorsetup.exe	30
PID 2072 wrote to memory of 2188	2072	moviecollectorsetup.exe	30
PID 2072 wrote to memory of 2188	2072	moviecollectorsetup.exe	30
PID 2072 wrote to memory of 2188	2072	moviecollectorsetup.exe	30
PID 2072 wrote to memory of 2188	2072	moviecollectorsetup.exe	30
PID 2072 wrote to memory of 2188	2072	moviecollectorsetup.exe	30

C:\Users\Admin\AppData\Local\Temp\moviecollectorsetup.exe
"C:\Users\Admin\AppData\Local\Temp\moviecollectorsetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\GLB8391.tmp
  C:\Users\Admin\AppData\Local\Temp\GLB8391.tmp 4736 C:\Users\Admin\AppData\Local\Temp\MOVIEC~1.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\GLB8391.tmp

Filesize
70KB

MD5
c81a350a8285400d83be77154bc1cf02

SHA1
0a097929ae14ff4468a2a0dff3f7f69b5bd45592

SHA256
0b2cdb9f66fadf9fa131b4802c0f29d1194e8f48e46a99ba91dcf0488c9a8f55

SHA512
bb2ae5fa3410cb320479dd0ed82b632ddfdc9d1cc964a44dc7c5b67e1f83adcece4592d23647f56fd24675d18396bbc6d790e2c4de9cdc0e8784e5e7dd6351cc

Download Submit
\Users\Admin\AppData\Local\Temp\GLC83EF.tmp

Filesize
150KB

MD5
f3b9bfed127ffc97f63cd8c7ce8bc1a9

SHA1
468425842e3a29a4de6adb03652f02fdafd9fc82

SHA256
9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582

SHA512
671828ffce8660e3326f63f4e6a80941bbacfaa13ded2d58e6ffeacf9501ee66683b70fa4a100bfe7d24aea6fee8c3eda0e9a6c5ecdd792f6febb1981be030ff

Download Submit
\Users\Admin\AppData\Local\Temp\GLK840F.tmp

Filesize
44KB

MD5
03a537a2be784dbb334a559347587a8d

SHA1
2bc6ac78a7928468584b38c49fc8191cdf7cd7b8

SHA256
791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5

SHA512
527eb7bd1ba88dd5c59c65e65a4485cf5524c64c011afad17c81faacab9b9aed32fc25da8fb54582ff828f788e43303b846fb236a3b97f8c29a977b23c154037

Download Submit