3f9d7044a494030384eac541c96f590d7fb46615b653bef1eff3b56102772d6e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SESM20042580 UKWT5376.exe
Size

1.5MB
MD5

a2337a4e339c515e1a876b6299ff3e25
SHA1

8f813df1a74cf1701e1c94e7ee8c1a3300622dcf
SHA256

a6a009c10125451a3c7eb2a8318fb6a9ea469f1d88ba8d4156f90f4d250fa06c
SHA512

a5307bb69d3587026a255bf999db62ef41160909e7d69d026a30ad7f071bd9f0877ce7d336b100e3e151292bbbf6807d2e7bb21b56e0541d4a4efd0958d8c84a
SSDEEP

49152:qMwVgK80g/UzkthRz33OO/xPO+EuseS7w:f+VTg/UmhleSxLsN7

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe
3040	SESM20042580 UKWT5376.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SESM20042580 UKWT5376.exe

C:\Users\Admin\AppData\Local\Temp\SESM20042580 UKWT5376.exe
"C:\Users\Admin\AppData\Local\Temp\SESM20042580 UKWT5376.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsoA7D.tmp\BgImage.dll

Filesize
7KB

MD5
e2834a37c23a5c487b6e3a55eb95dd8a

SHA1
2ebc683fe079a8b0081283fd4adfff82f52dfa4d

SHA256
73abbc57661987e7a0aa7e43f6d7dcff63a74615d3b731d94891b05e0e19adcb

SHA512
c78edd37a46db20f56bffcc63358bde32b61552bc2e1e0960a41d36a84795e6d7fa4bb523ca1f1995ea62c60c8060cbadd5764d3a133de4ccac7501e68075e68

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA7D.tmp\UserInfo.dll

Filesize
4KB

MD5
98ff85b635d9114a9f6a0cd7b9b649d0

SHA1
7a51b13aa86a445a2161fa1a567cdaecaa5c97c4

SHA256
933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de

SHA512
562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA7D.tmp\nsDialogs.dll

Filesize
9KB

MD5
48f3e7860e1de2b4e63ec744a5e9582a

SHA1
420c64d802a637c75a53efc8f748e1aede3d6dc6

SHA256
6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156

SHA512
28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583

Download Submit