de4a7084a7545fe38b83472136acfdd9977c88a0ae86336080f3863a136fe520

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e_v3.0.exe
Size

32.3MB
MD5

900126e112a97ce08e3943f41cae0cbd
SHA1

00ef60191aa6adb6c8321cd8d588c5616edd8e44
SHA256

de4a7084a7545fe38b83472136acfdd9977c88a0ae86336080f3863a136fe520
SHA512

6306f46f26272900be161514cd8502a8133b177a2f1401a76d74835adaeece609c0ef37c1e5f8543f445001c47eab7a335503fa4b35e926be4f380e862325757
SSDEEP

786432:RTEib9uQfssHd6EP2soXOfAnLnyBOCZqsj9FAjL+8fPsJYQ+UY:Rlb9DPt3oXOfsTsO5eFAAaJ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2276	e_v3.0.exe
2276	e_v3.0.exe
2276	e_v3.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e_v3.0.exe

C:\Users\Admin\AppData\Local\Temp\e_v3.0.exe
"C:\Users\Admin\AppData\Local\Temp\e_v3.0.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsjF72D.tmp\button.png

Filesize
5KB

MD5
54d6591717155fe6f767a81c3ab7ae23

SHA1
5e5b61c1df2d3736171ae929b330505acbee6519

SHA256
abb94090dbdafabcd8a3f84abab2e2290e2264d2e1cf47aee35a401ad3e31b9f

SHA512
937d22f7c881d50fd09e65630049e327d2c07dffe2f9f45b4fb426c31c597837b4d8c26c81b4be2fbca94023044d50af0d0cafd485e67a04d8bbd514c1c29478

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjF72D.tmp\finishMiddleOver.png

Filesize
10KB

MD5
e0e8b7fc3334d5f66e7879add86f350a

SHA1
d8bd6409fd000a9a70f55d1843c6a403bab8df9c

SHA256
0c113acf6c03f2c93b869d0be2e107dfcedd957f5839be798277ba2f4672a4c1

SHA512
873c35add6a821f1ac33a2d86a358e6aea4d954743f1d030f2e0328a41105e3c8dccebc38b79371b02989bccada5c2a089916e3e6984ec2489c0a31e993c48c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjF72D.tmp\select.png

Filesize
4KB

MD5
cad1f5470ac7980ed5e7e4f6dbf06eeb

SHA1
97c4750ceef10783cc9b930d71e016f74ddd3ffe

SHA256
4cfdc535b690ce5fd4d18dc9ca02bbbc3ead53f4c61e1b49b36e60dd12ee9fb7

SHA512
33eadac6014332429a68e0cb21edab3b1a4aae30b48e1790858a157693e60f8c77b5d4b0f191afd80aa2b10c68e4b4dc4153fc6ccd21a0444a1e38f8f564ee7c

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF72D.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF72D.tmp\nsDialogs.dll

Filesize
12KB

MD5
ef9d668da8f670cd009e61961ecc0b43

SHA1
b9aaa04caa59cef9da8c2bad07a56448d7762f12

SHA256
9a8a1d39645fbcaecb8f8c919ffb9a88803f2ed87bd95e828d622e624a0f9f64

SHA512
8dc42c92c0872b2422be8b7f1128fbc2853234c59bf54711bb8f5fdb52b0045ce2a1b93801690dcd7dc578c093a5bb14d6100b8a7eb000463dbc0cf67c99cdab

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF72D.tmp\nsUI.dll

Filesize
77KB

MD5
216f5cfd6ed412046cb41d894b7166af

SHA1
ec03eb5528eb11fd9fcab6f4b37b8bb999517860

SHA256
829953fbd44aba952850f70c4c343e03ee7f2c8c9a957d10a2780a021e0e1a9a

SHA512
6de05aa05ffe5c250684214e703b529fc7ec30ec632f97e11322bd978adfa8a5f3e1655f7e9e0978d8d7a8e9faccf291ba67348920159954664317642f0243d9

Download Submit
memory/2276-9-0x00000000020E0000-0x00000000020F9000-memory.dmp

Filesize
100KB

Download
memory/2276-126-0x00000000020E0000-0x00000000020F9000-memory.dmp

Filesize
100KB

Download