5207e304079adf22796b11b4eee2f18dd10dabe2792fe1e6d5378a637cc2daa2

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62ead9efab53457c6f5771b5e6de6f10N.exe
Size

51KB
MD5

62ead9efab53457c6f5771b5e6de6f10
SHA1

0cf144ec2549296377cbf98c95651670bc22957f
SHA256

5207e304079adf22796b11b4eee2f18dd10dabe2792fe1e6d5378a637cc2daa2
SHA512

41e85c7f65b783c38957334b04a2ffc7294235dfe89a34b4a7b3f512550800ccac54c956cfa026c0f9ce04e7be4b5fe2c9700fe6a40f637d3643431fed87a03e
SSDEEP

768:AGMK5/+4HOj1TStcXu105yBhA7MQF41CyUDB6UBKO36/Fnl9O5U6pe:HZ5/+kOj1TLS9QF41CyCB/d6//9Om6s

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1648	opera_updater.exe

Loads dropped DLL 1 IoCs

pid	Process
2132	62ead9efab53457c6f5771b5e6de6f10N.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	opera_updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	62ead9efab53457c6f5771b5e6de6f10N.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 1648	2132	62ead9efab53457c6f5771b5e6de6f10N.exe	30
PID 2132 wrote to memory of 1648	2132	62ead9efab53457c6f5771b5e6de6f10N.exe	30
PID 2132 wrote to memory of 1648	2132	62ead9efab53457c6f5771b5e6de6f10N.exe	30
PID 2132 wrote to memory of 1648	2132	62ead9efab53457c6f5771b5e6de6f10N.exe	30
PID 2132 wrote to memory of 1648	2132	62ead9efab53457c6f5771b5e6de6f10N.exe	30
PID 2132 wrote to memory of 1648	2132	62ead9efab53457c6f5771b5e6de6f10N.exe	30
PID 2132 wrote to memory of 1648	2132	62ead9efab53457c6f5771b5e6de6f10N.exe	30

C:\Users\Admin\AppData\Local\Temp\62ead9efab53457c6f5771b5e6de6f10N.exe
"C:\Users\Admin\AppData\Local\Temp\62ead9efab53457c6f5771b5e6de6f10N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\opera_updater.exe
  "C:\Users\Admin\AppData\Local\Temp\opera_updater.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\opera_updater.exe

Filesize
51KB

MD5
4fb4afac5b1513f9305d1f3530f77e77

SHA1
4d692f7fe2e166a761a010cbebbcac2ded6a4d9a

SHA256
7898e4714ff213da17ccb421f15147947c621f875b6797e4ac79a5ba497a50b9

SHA512
251719d881f6486370edd26ad0ff87e27c0610f34bd1bc6772808c9c49af4e3e0fb47c23f7078002a5b28ec14a933236663dd30cb5889f5b20553cbae51d6df5

Download Submit
memory/1648-7-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2132-1-0x0000000000401000-0x0000000000403000-memory.dmp

Filesize
8KB

Download