48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe
Size

5.9MB
MD5

b6a1d4830b73825b6efe9ce64d4ca02a
SHA1

4ac4be0396ce87ffb640e75ce13ba667617dacaf
SHA256

48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e
SHA512

18baf5c36a673c6b138a355fa78b3b5339e363df6a19250d680500bda4685ae72bee0de5f6868379768ba268e4ba511135458f18170985567f5cd5c13b2eb077
SSDEEP

98304:jCfphzIjedVG0G16pvDNfK4URgpHH1a3B78CUGRSICkgn6x5ls7vGnOLLCdO9Rvx:jCxhzIya16RRf/11QR4oSrznG5CisCdg

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2756	48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2756	48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe

C:\Users\Admin\AppData\Local\Temp\48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe
"C:\Users\Admin\AppData\Local\Temp\48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoE245.tmp\ioSpecial.ini

Filesize
612B

MD5
b34fa9b9d29d961ee4da73087eca8140

SHA1
6ff10e455100750c8379fd3e7b25f5f45b820bea

SHA256
f2d0fdf5d8a284eee4f59b041711ede5c3d734cccd5fb99dd605d37007ea4e0a

SHA512
2463f0cf4219360912a69fb7a3843e85edecdbd6b33965ce88fd6e0d6d750b56650a28a4e14e644ab21c0f63f1074433f8db5c3523784bdd907cdd331c0981ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE245.tmp\ioSpecial.ini

Filesize
625B

MD5
10c3f9c401245f15b38ff9326e4fc1b2

SHA1
9d3f5d62845c8781b4f2a4f94713aa2c51a6e006

SHA256
32c2f2970d22fd066a62ea8527afa181da85edeebc4831a4b7374b216ccc06aa

SHA512
f00c96cbff3fc94fc7e7a7fe5030977e766b8b9efa96ba36446c09a76c6808c416824ca475848796ee34af2a92fb26528041435e7dfab5e8b2c301883aea416c

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE245.tmp\InstallOptions.dll

Filesize
14KB

MD5
b18dfaded8f6d2380fdfd8f6b6969211

SHA1
969fa0e906240ab1123254feeb833c275626cf76

SHA256
747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

SHA512
25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

Download Submit