df405d9af127b6b3e769dd6b57cffce8b96420b730c3b5a23202b2c8c27b5c06

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

files-inspector-setup.exe
Size

17.4MB
MD5

2800c6f5947fbb6c9a86e5a3342a4aa0
SHA1

424640d4dd2fb0aefc84f178b75765f1c3865542
SHA256

df405d9af127b6b3e769dd6b57cffce8b96420b730c3b5a23202b2c8c27b5c06
SHA512

8492b327338a1d66214801b37d3cba01da092ffc9e635b29ec3fd7ee4a77d2285de123179c8c893321d934bdfa99f05b5153d753c3e9b50f1e2bb3f2052e62aa
SSDEEP

393216:89sXoVgt3IMk1odC1LPrEXvDZFJTnUY/WFrshQlyBdRO+IQ/s5EvUf:UsXo4aodA/w7ZvTnYRlytkeve

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2692	files-inspector-setup.tmp

Loads dropped DLL 3 IoCs

pid	Process
540	files-inspector-setup.exe
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	files-inspector-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	files-inspector-setup.tmp

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp
2692	files-inspector-setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2692	540	files-inspector-setup.exe	31
PID 540 wrote to memory of 2692	540	files-inspector-setup.exe	31
PID 540 wrote to memory of 2692	540	files-inspector-setup.exe	31
PID 540 wrote to memory of 2692	540	files-inspector-setup.exe	31
PID 540 wrote to memory of 2692	540	files-inspector-setup.exe	31
PID 540 wrote to memory of 2692	540	files-inspector-setup.exe	31
PID 540 wrote to memory of 2692	540	files-inspector-setup.exe	31

C:\Users\Admin\AppData\Local\Temp\files-inspector-setup.exe
"C:\Users\Admin\AppData\Local\Temp\files-inspector-setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\is-KVKLV.tmp\files-inspector-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-KVKLV.tmp\files-inspector-setup.tmp" /SL5="$70150,17350508,832512,C:\Users\Admin\AppData\Local\Temp\files-inspector-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-KVKLV.tmp\files-inspector-setup.tmp

Filesize
3.1MB

MD5
14fe8dc606ef6314b96a5f847d7b2b56

SHA1
5a99f5837c793858a7bbbceb3e7e1ebde84f44da

SHA256
bdd09e3add6aea7467f72a119168a7946a4fc41d8b64d3021ee763a0937e0195

SHA512
a43506d514925107ffcd8bb7ce7bebc8c7dd4c5a9df52fcb1b2b3dae6d5ff889fa03d61f496bf06e8b0a87519c71fe2667239c1f0ff5ce6f4c3ee641aa5df5bb

Download Submit
\Users\Admin\AppData\Local\Temp\is-BLASO.tmp\CloseApplication.dll

Filesize
1.0MB

MD5
981eb6460fde8a6456f55811afdef266

SHA1
1a745e900f0ecdfd8f158c610f25cd5c38cf1d89

SHA256
f05248cad953f87b0006633813dd4bf5a73b8012a2c777cd9746960bf4112de0

SHA512
db9a1488f0a3b88b86a17ad65e37aa75648346cdfd2cfcc4f0c49adeb59e7c8fb7eaf30c26e670db49e4ccc6c34febb11c62fc2e80c1fe1d967f7a62b1d9e147

Download Submit
\Users\Admin\AppData\Local\Temp\is-BLASO.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/540-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/540-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2692-41-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/2692-33-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-17-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/2692-36-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-35-0x0000000004470000-0x0000000004471000-memory.dmp

Filesize
4KB

Download
memory/2692-38-0x0000000004480000-0x0000000004481000-memory.dmp

Filesize
4KB

Download
memory/2692-73-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-72-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-71-0x0000000004530000-0x0000000004531000-memory.dmp

Filesize
4KB

Download
memory/2692-69-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-68-0x0000000004520000-0x0000000004521000-memory.dmp

Filesize
4KB

Download
memory/2692-76-0x0000000004540000-0x000000000465A000-memory.dmp

Filesize
1.1MB

Download
memory/2692-12-0x0000000004150000-0x000000000446A000-memory.dmp

Filesize
3.1MB

Download
memory/2692-66-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-65-0x0000000004510000-0x0000000004511000-memory.dmp

Filesize
4KB

Download
memory/2692-64-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-61-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-60-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-59-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/2692-57-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-56-0x00000000044E0000-0x00000000044E1000-memory.dmp

Filesize
4KB

Download
memory/2692-54-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-53-0x00000000044D0000-0x00000000044D1000-memory.dmp

Filesize
4KB

Download
memory/2692-52-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-49-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-46-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-45-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-44-0x00000000044A0000-0x00000000044A1000-memory.dmp

Filesize
4KB

Download
memory/2692-42-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-14-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/2692-18-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-39-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-23-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/2692-37-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-32-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/2692-30-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-29-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/2692-27-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-26-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/2692-24-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-34-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-70-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-67-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-63-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-62-0x0000000004500000-0x0000000004501000-memory.dmp

Filesize
4KB

Download
memory/2692-58-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-55-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-51-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-50-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/2692-48-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-47-0x00000000044B0000-0x00000000044B1000-memory.dmp

Filesize
4KB

Download
memory/2692-43-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-40-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-31-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-28-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-25-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-22-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-21-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-20-0x0000000003780000-0x0000000003781000-memory.dmp

Filesize
4KB

Download
memory/2692-19-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-16-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-15-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2692-9-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2692-85-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download