59e5b39aacdc73bb1e56f3899cd57313f7033ecf57b5322a5d15acc6bb22ee49

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

2.8MB
MD5

4346667ec69ff8e01d0f2c38601a0180
SHA1

f5eec52d9f60de31f2c798a7ab0ef5ab71d07774
SHA256

6aea557b50d96a85c21a7eca050afd1c83a686fd7d36bd5c2407f7ca9a8de0a7
SHA512

d759e4ca8eb73e08aa5182ebdd06db12b2fa7f647fe06fd86503962e6cdb504ec63ef9793cf4784a52fb4f67a0da87845eedcf96ae4de3d5f32dd9c3643cd414
SSDEEP

49152:wjItTZaFH1iyU+mA9O3AdDYWpAKAJKd+hHeUuoHd33ckZgTho3It/O9hrnkCVuAn:zhMViF+mTAdD9AKMD5d33LYt/ydJRn

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1828	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1828	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoC247.tmp\ioSpecial.ini

Filesize
771B

MD5
88dd51609e670e40c547610914dc41cb

SHA1
8769762eca3dd11503874d037e75c2d01c5b39dd

SHA256
8d61aa9e36395e88ea07666c718798ba5c84e6c147a618571e31b7f1d8d61c58

SHA512
e34ddcc96d756cf158fdaabb92607db47dc9d9a706d01b348282c5c2e5f699c954efee52f45ef27a9682e3ef159284b0bdbd533571efb88d1e72498843d9a105

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoC247.tmp\ioSpecial.ini

Filesize
732B

MD5
9194f802a91e2c07eba73e48c0124b09

SHA1
3bed65b5716c691d079d18e455b2b406e0ff96db

SHA256
38e29575afb842ec15b1adcf90ef1f546be36f87fbbb1c31ddb411da5aec0315

SHA512
2c8daa2385dc2555f7703cd7758a6e56127951d80b8837acf95cb769c16516dd87de817d8ed1df3c1119301820b5d9dc2b28ed7feac05a71141f1478279374ed

Download Submit
\Users\Admin\AppData\Local\Temp\nsoC247.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit