Overview

overview

10

Static

static

10

Kalkulator...g.html

windows7-x64

3

Kalkulator...g.html

windows10-2004-x64

3

Kalkulator...ni.doc

windows7-x64

4

Kalkulator...ni.doc

windows10-2004-x64

1

Kalkulator...n.html

windows7-x64

3

Kalkulator...n.html

windows10-2004-x64

3

Kalkulator...1.html

windows7-x64

3

Kalkulator...1.html

windows10-2004-x64

3

Kalkulator...2.html

windows7-x64

3

Kalkulator...2.html

windows10-2004-x64

3

Kalkulator...or.exe

windows7-x64

10

Kalkulator...or.exe

windows10-2004-x64

10

Kalkulator...or.url

windows7-x64

6

Kalkulator...or.url

windows10-2004-x64

3

Kalkulator...ja.exe

windows7-x64

10

Kalkulator...ja.exe

windows10-2004-x64

10

Kalkulator...00.exe

windows7-x64

7

Kalkulator...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    02/09/2024, 16:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Kalkulator/unins000.exe

  • Size

    627KB

  • MD5

    93ca48d15c99dfcdebdc09b0238275e2

  • SHA1

    42e435fbf113fc1a4bb4667a682ea070a69f0928

  • SHA256

    882f15b083c10518e5fc89ca5c1b88fda47cd3cd403c3a637a2c2f02d1850eb6

  • SHA512

    2a78561e13dd0f0ac7a650b7803c2fc39bc4043b9be9e2ef6ed477b674fae8448430f033d0c9061ad0241ecaf55a5a972cfe17e6461c0182cd61963bc620fe4d

  • SSDEEP

    12288:6tOokrvhfrPY37nzHNA6iA1D2ftCy7ONbzw32AreMAZZ9xpm:Bo0vhfrPY37nzHNA6iA+74seMAZvxpm

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Kalkulator\unins000.exe
    "C:\Users\Admin\AppData\Local\Temp\Kalkulator\unins000.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
      "C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Users\Admin\AppData\Local\Temp\Kalkulator\unins000.exe" /FIRSTPHASEWND=$8019E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
    Filesize

    627KB

    MD5

    93ca48d15c99dfcdebdc09b0238275e2

    SHA1

    42e435fbf113fc1a4bb4667a682ea070a69f0928

    SHA256

    882f15b083c10518e5fc89ca5c1b88fda47cd3cd403c3a637a2c2f02d1850eb6

    SHA512

    2a78561e13dd0f0ac7a650b7803c2fc39bc4043b9be9e2ef6ed477b674fae8448430f033d0c9061ad0241ecaf55a5a972cfe17e6461c0182cd61963bc620fe4d

    Download Submit

  • memory/1964-8-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1964-9-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2488-7-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download