Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2024, 13:49

General

  • Target

    152b8e1dd2051e56320b4ed579431c80N.exe

  • Size

    842KB

  • MD5

    152b8e1dd2051e56320b4ed579431c80

  • SHA1

    e78cca156d4ecbed1595a7894b50f14c5e7217a2

  • SHA256

    af7b758f0e5c287a1bde21af1f77cf3d88f9a020093014c887cad63bd050e6d6

  • SHA512

    5e06981e5caa318a3d839a029a5548ca583b46e46b72d4b783ba5196b6b41ba9006d178c40da4e3e0de7c1696aa6d0552d84288052727d408aabb19b95087b39

  • SSDEEP

    6144:HwynAtMrOVRkidy9yIGWlUiA2uIJ4O8b8ITDnlznZLZAKzD:HwKfOVRo9yRY/F4O8b8ITDnlLJ

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 9 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 14 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 15 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\152b8e1dd2051e56320b4ed579431c80N.exe
    "C:\Users\Admin\AppData\Local\Temp\152b8e1dd2051e56320b4ed579431c80N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2556
    • \??\c:\program files (x86)\windows nt\accessories\it-it\sistemaoperativo6.1.7600.16385.exe
      "c:\program files (x86)\windows nt\accessories\it-it\sistemaoperativo6.1.7600.16385.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:596
    • \??\c:\program files (x86)\windows mail\operatingoeimport.exe
      "c:\program files (x86)\windows mail\operatingoeimport.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:1856
    • \??\c:\program files (x86)\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\supportcustomer.exe
      "c:\program files (x86)\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\supportcustomer.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:2264
    • \??\c:\program files (x86)\windows photo viewer\it-it\sistemasistema.exe
      "c:\program files (x86)\windows photo viewer\it-it\sistemasistema.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:2676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Windows NT\Accessories\it-IT\Sistemaoperativo6.1.7600.16385.exe

    Filesize

    842KB

    MD5

    152b8e1dd2051e56320b4ed579431c80

    SHA1

    e78cca156d4ecbed1595a7894b50f14c5e7217a2

    SHA256

    af7b758f0e5c287a1bde21af1f77cf3d88f9a020093014c887cad63bd050e6d6

    SHA512

    5e06981e5caa318a3d839a029a5548ca583b46e46b72d4b783ba5196b6b41ba9006d178c40da4e3e0de7c1696aa6d0552d84288052727d408aabb19b95087b39

  • C:\Program Files (x86)\Windows Photo Viewer\it-IT\RCXBB46.tmp

    Filesize

    844KB

    MD5

    7461cb9ad5f8382f2de82676d3749c19

    SHA1

    cedfd3f0b0cb1c17c41e1ae544201f6467a04afb

    SHA256

    f3cc676b8cd8f5ccf879b00f17cd3b8be304c449c941c4c7b4153e96c736c20e

    SHA512

    e257c5a5432b86053137593ce327c2b7abecd7896bc350e338cb781c1b991cd37877b6375704d04f998aef86722ff3552e9c434bfa78fc0a4373e69d4ccb750c