df9db7dad9455a98a10a485df8f7aee20286ce409784403b0b04f84930b77833

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 00:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NеwInstً.exe
Size

554KB
MD5

65436a992b79948f161e0baab0cdaab3
SHA1

7641c07f76daf85099c514e886163d50f3a90aa1
SHA256

df9db7dad9455a98a10a485df8f7aee20286ce409784403b0b04f84930b77833
SHA512

d8fde790422919547059915432623187369623ea326373cf55c0dead588a416085ca36ee310cb56012147f23367197921d873a037035d0a027a2005efe570837
SSDEEP

12288:QbNufVPtxDKN/vFSXdemf6jo+o+UD5jcUWvprzuzCmHbL8SJTf4bYGgzaso6q8hP:QbNqJDKhFme+GXo+Ut8

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2732	NеwInstً.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NеwInstً.exe

C:\Users\Admin\AppData\Local\Temp\NеwInstً.exe
"C:\Users\Admin\AppData\Local\Temp\NеwInstً.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
577KB

MD5
1d73a7a8275a905520f275f1d70fd32f

SHA1
c818630da6d2ca6cc4fdb51a481c920494602a47

SHA256
9a0ed62adfe618600b10eb5ba879b0ef7e4eabc430c2f372aff26f5e3a9d09ac

SHA512
5cc0af35d61e1fbcb3b4cd3628fe02cb2f77608da079084cdf9118fed34cfa17ad03cb39aa1577c71b40cc7f91af09356f7fde0398a1d0684261b1d9745796a1

Download Submit
memory/2732-0-0x0000000074D5E000-0x0000000074D5F000-memory.dmp

Filesize
4KB

Download
memory/2732-1-0x00000000001A0000-0x0000000000230000-memory.dmp

Filesize
576KB

Download
memory/2732-6-0x0000000076860000-0x0000000076921000-memory.dmp

Filesize
772KB

Download
memory/2732-7-0x0000000074D50000-0x000000007543E000-memory.dmp

Filesize
6.9MB

Download