Overview

overview

7

Static

static

3

5e5a11d71a...0N.exe

windows7-x64

7

5e5a11d71a...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-09-2024 16:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e5a11d71a4178bcad7a5a5772bf1a80N.exe

  • Size

    4.4MB

  • MD5

    5e5a11d71a4178bcad7a5a5772bf1a80

  • SHA1

    056682da1848f33787a6c5fb111d64948970e39f

  • SHA256

    7c34d137aee07cb28262f902ed906a598cde80a68f2fae3a6f3774a4c0cd7da4

  • SHA512

    1ed7f437feef03f40736c9f3723d34e10bf44246e97f0c5f7c9bfa1c003c3cc8f0b6080885de19993e1e4b5ae59893f9dbcef382e4fd029bbc7bf8bee2e00d34

  • SSDEEP

    98304:NIy9IywmbANrkwpIy9IywmbANrkw4CYma:v/Zwz/ZwrXa

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e5a11d71a4178bcad7a5a5772bf1a80N.exe
    "C:\Users\Admin\AppData\Local\Temp\5e5a11d71a4178bcad7a5a5772bf1a80N.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\Option.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2408
    • C:\Windows\SysWOW64\UpdatAuto.exe
      C:\Windows\system32\UpdatAuto.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\system32\Option.bat
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    4.5MB

    MD5

    8147f2fc1d5b505572501a40bd598fd9

    SHA1

    14db1cc49ef19e885c196c7dad17008c271e89c9

    SHA256

    b54dc548bbf6477a0c39a20f4950a7aeeb7bac4e239d7c45dc22e61e94ea7ade

    SHA512

    3c6ac9f99315a74570855031f06f11fd3bc0b6a43aeffff0ff1202ef2016ee3c09d70dc8029c20e0a9aae59e5d31cdf73f6f7c61b43802f76d77aa601a62dff5

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
    Filesize

    5.4MB

    MD5

    2d1394cf22151474b7ed316033081220

    SHA1

    62baf9c87469c1498250af7bd531605e00b0ede5

    SHA256

    201cf813888ebcf4dc88057a101b62dcfc117469784b78fe9acb0175c22b5574

    SHA512

    430941a0abd8cce0cfe5a3ac9d1404df2be908efb2ef124fb99fe0dbe96acb55ec847a7f21201039a41314f3dfc2caf862031362931df78801d62e00657adfa3

    Download Submit

  • C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
    Filesize

    5.2MB

    MD5

    de7e8bac38edad2d1fa7a3d55c615f40

    SHA1

    a9ff06036fd4e6a7281e54b6ea5bb4d351f37f2c

    SHA256

    0215578b2574d89444ccd212fbcd0f135ddeded5ff9a18c14b6fedd632b569e3

    SHA512

    5d9f1176f4fc4333847a28aab83262c8cefbbbdd61e61843629ca61e50d1318ad89cfb73539e34b9cec05f98c5a8d29a028ff3c30d65b18433f5b86d2c440cd9

    Download Submit

  • C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
    Filesize

    4.9MB

    MD5

    e80a523c9177e99d8e45d159eb9fa8cd

    SHA1

    5bf660bca8a4726ca7daa6b9536d94004a09cb28

    SHA256

    d843085a21cbfe385d6d404d225d4b691bbd95ad1d3480dd9c955d57a6f79b23

    SHA512

    b15be6c69637882d6a8afffc75ee75f6fd10b087137dfcd7ba6a22bc8fede1a1a21c26e775936ed98183518aacc6192a2b05cadbe94114b0c53deccd25ee5be8

    Download Submit

  • C:\Program Files\7-Zip\7z.exe
    Filesize

    4.9MB

    MD5

    01f6e48d8a4b35f928c346ac37acefe8

    SHA1

    bf4d65d8d27cba9061569f589dba2191ff8145f6

    SHA256

    f192b651de551cc3e1ea640d824281ef82cab1207a16bccb209c196a6de43941

    SHA512

    281f61cf3eb4a899524082f614f68ad148a224039006c23b3f4bbf675e7d71decf75b4276d7cc228d175462e211807edf4382f602f5a1504289f4fae4aee6d23

    Download Submit

  • C:\Program Files\7-Zip\7zFM.exe
    Filesize

    5.3MB

    MD5

    83e960f372ae2d06265423a10ebfbe34

    SHA1

    3aa07aad7ba0ca3f48a8bd68c4c1c0b34a7a8353

    SHA256

    eabe6b568ee58acd9125b8eaa47df3a4d9d2472965ec02fb743f6c6023949382

    SHA512

    6d7e91c14277637c9ea7607c00a88e0cb854bb3193e353735f3618af045d6d2e2c349e499231b0b9d3e2195fed86136a5bba7b84670355ecbc36a5468f992559

    Download Submit

  • C:\Program Files\7-Zip\7zG.exe
    Filesize

    5.0MB

    MD5

    65b5dd9cd6f242e8c0b3f1b90718e478

    SHA1

    8e1a0bbb9ad8aacde3f078f0e67c4264edcb0eb7

    SHA256

    cae60738bdc8e53667078b162079c7afff8537a0e3998fd9e6c566c70b56bb13

    SHA512

    822981d0910a3bfe6f5eb4358271a6fd914dc7d892e78ca2d22115fba9a2fc28c7baf77f9b482750ea13cf48eef9d133996bc4255509db2105b824563c773394

    Download Submit

  • C:\Program Files\7-Zip\Uninstall.exe
    Filesize

    4.4MB

    MD5

    71a0a9b11d04a66adfa7f4c087363eb8

    SHA1

    8020136818faa88eb2fcdab8a7a35b19853c273e

    SHA256

    6530e3db9d09a9189eef00ec977cec75eeaf5cb35a92bf426942a5fe86b51d60

    SHA512

    837683bde37a285ab953e2a56fef27eeaa58d5b396d8b2df76ebac1995581497b345282e3689c1230aeb9a304f59200341d746a3b03314c06d6bdd5101148e51

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
    Filesize

    8.7MB

    MD5

    777a46f998ec6b792fa05b34f0f3eff0

    SHA1

    8b3b1eabc2059819d1ec04c65575c449f7b1fec3

    SHA256

    0b68efa28202e340f8a40199ebce1a6f23df5381dd836c25daf81add2aa2e459

    SHA512

    39dca2ce285a40d70a41652e02299c5eeda2b9efd513f8454c46f691b3ebb44fc834d36af93e5af712c9fffc0d8fe28d3a411640387731909ba4abd619d82985

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
    Filesize

    6.0MB

    MD5

    80795bd3d42fc510954aefca35c60f82

    SHA1

    86cc403b02a15deceddceb3babcd3c80b32f78ef

    SHA256

    15df8d6634daf6f80333f7a9f7cd0dbdeae9c5f0436b1af7ec18185ff8228cd7

    SHA512

    7c474ffad8dde6af3a8289b2d399d194862fcdfaf313d7367f0138552aa40c1bc7def908acbf20d330afefbf121688b638477bab611ca40cef72395b1c9b95b7

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    Filesize

    6.0MB

    MD5

    3b4976a82d8758442e04c52eec5f265d

    SHA1

    31cd0a645a5648d87d6c8b255aa5759e5eec754d

    SHA256

    47387f278903912c134f649f6fce7b8368abae215383f25bd3beda5352fc8b9e

    SHA512

    b5c5bd8ed58b6f4d6bffb9ac3a134f4e09161e206d2ca7e81d7e569420f20a37160f29603005da836a390d080401eba08a8f29f4e84ce7b14ecf058bf9cc5be7

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
    Filesize

    5.6MB

    MD5

    b987e64aa2b1029ef477f17b8eda44c1

    SHA1

    56a5173dbfcf06cae2389ccd7e5bcddeb3f1ccf6

    SHA256

    d643fed20dd473594cbc809e3461799133503f5825f4e7b85b9091633a05f444

    SHA512

    d108be1ce9effa37d6810c0efa370267c741d14f9c5edd354f18dcb1959b6ddd286948b88cc9f0568614e9a6da1068ab49668bce1969c1f2e756c7cb5031c177

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    Filesize

    7.1MB

    MD5

    ba47845373d344f15c2512275e834cfb

    SHA1

    5965fff6847a1183e2608d5d0fe3c19dcef50681

    SHA256

    3b25e58d174dc888c2ceb7b0b05d6e808a664a21f221a2c0d94b0008860b69fb

    SHA512

    1a08ca29270066b9609f3068aff5b904bce81dbc6e1d1184c1901f93f4c1d18588cd7f0d1c830eb99a079628de5201daac6b1c2737c3068b40a13550000b0ba9

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Filesize

    5.4MB

    MD5

    5955919b42fcf042e4d93a8ed6a82a0d

    SHA1

    297b8fb62997e246a96d460348c4293e1784680b

    SHA256

    cee5e4f5214ca419d011ffe79e98a95ecc68ddfce01360fa398a251309b6af74

    SHA512

    fed2786c702904995d35771042988bcda12c482835a1334644292b770a557d0db49a5d91a4c737e17fbfe004442994e1eb1752fd57ea703f7348e29376ec5c90

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe
    Filesize

    4.4MB

    MD5

    61b87442989c13326b019950dc895746

    SHA1

    0b3e8db238ff767c533cd6e011dab9d62c66b643

    SHA256

    6bcb68f21a5113b4d1f1faa019f4c3bb6fe13ab495cf6c60cac8b06eb8706bbd

    SHA512

    1cee075bab09fb73b93dd197a8bfca88b1d5108907ae8e8e0955c7842cbb5629791fa7e895344c860977efe871cb772913850080b7ea49cc2dd39d065d25967f

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe
    Filesize

    4.4MB

    MD5

    5caa08ba584aa93b576c3902a44afd6d

    SHA1

    50f9c6b6d1108449bf529f25a7aca63195e9cb2c

    SHA256

    1d647994bf8ef8d0356a17d1dc2eb0a1598553b05761366db5640438e4f9f20c

    SHA512

    f3565fcc7940a8bf5224a6513930ddb3a723ce64772e0035ce06fa6dfe5f261aad03fc12a391236c5eed0194f9bfd3a7a6d1b9937d1761cd418b37e2efd6e879

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe
    Filesize

    4.4MB

    MD5

    615c3888c988e5b6b079caaecaea406a

    SHA1

    157172e39bffb7612c0cdfb5c0cd816d129d1638

    SHA256

    13826bb792b9fd93aa78314614e1ae5b2100256650c8e50fd54ee30356aef9f2

    SHA512

    c0d1363d399813054b8d154ddd51dc82df829279ffe20181c24afc8f965c9a42fa21d0172b8d1566f51cb102f2911c0a60de2fa02e354170d27490b13e6dd86a

    Download Submit

  • C:\Windows\SysWOW64\Option.bat
    Filesize

    53B

    MD5

    1d04abf39e9df55eed1d04430cc21eb8

    SHA1

    b8292861dfd4e046eb9625e1571cc08c26094d41

    SHA256

    0bc485263cf8a962e64db0b88f156f2a9af1b81ecfdb1cf9111d497e85df70f3

    SHA512

    a2cccc03dadecf6a298b274a6735675aeec1cc280f84432498e9df31aa4a543d2557a2fd06bac4fc8778a774b30bbd31f91c1d0d3ace480b6217654c8d63a7d0

    Download Submit

  • C:\Windows\SysWOW64\UpdatAuto.exe
    Filesize

    4.4MB

    MD5

    5e5a11d71a4178bcad7a5a5772bf1a80

    SHA1

    056682da1848f33787a6c5fb111d64948970e39f

    SHA256

    7c34d137aee07cb28262f902ed906a598cde80a68f2fae3a6f3774a4c0cd7da4

    SHA512

    1ed7f437feef03f40736c9f3723d34e10bf44246e97f0c5f7c9bfa1c003c3cc8f0b6080885de19993e1e4b5ae59893f9dbcef382e4fd029bbc7bf8bee2e00d34

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    8924a5fbc2d621bd64088ea8273cda6e

    SHA1

    4f3ae59d179f97dd38d15918012e78c33220d39a

    SHA256

    ca93ed2db7c45475b8c73e32793232ed942949dac0cdac34f90cde0ceb3352e9

    SHA512

    b382c559f060f3e929c7621a1d9af2f2bdf0a66eae06ef9858622d7de395b21c3a352f1cec2101760c641d9d0696babbf883860c0f806c91d1a4155c1cdbb9ab

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    6b9208af698ba3ba6b03cf77e8f24bf9

    SHA1

    2954a444945ccc4b18107396167a64abae6e7724

    SHA256

    e4f2f7f87261ae0930e3f6208aba1b36e5435eba1ea90decd1b8da23ee3b389a

    SHA512

    c976b66e92786af0c421456f210919afaf5c9413215cb5e199ac1a186566acb6919d78460a0d36aafd56f157f84fb0210c4d45f534b6950a29f08ece1c565eea

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    9e94707f54206edbcfca1988c9539901

    SHA1

    44e0ed2112eeb6393337d32b14b8de3f618c86ac

    SHA256

    62bdcf56aca4027a89dc286fcc53ac26116dc146e6c67c365feec686b6ca3e16

    SHA512

    f5b336955df1a6bbbced2d889b26d66e1edbf37656a63e2049cba9f90643ea16fabbcd3fc769e660ba3e4ebc4f678610939650f5293d10242df9efc4622944d6

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    65e9087ec1f3fc108753c8b4c91574ee

    SHA1

    a701cb6eda6934f81fbcd23e095005de9f608a64

    SHA256

    1ae5a4767b1f0a4d31c153c8cddeaad3939a6cc3600849e682c5ff33482d95de

    SHA512

    01df6ebf234612850689c45dfb91d8bc5c1b070eafc6806a8a389b0eacadbc962af239bbe5929a1dac240a4d83e697735ed743caafa466b2271f9c64ede94d4c

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    2409525b9fd8780fc1f8221ed5bf9db9

    SHA1

    9fbb55edc301d8197db23f0982be11acff7ef886

    SHA256

    0c5f58819f4f2cc3017e0420a0034748d8c3001debaf2aa6f64e1e68fae21b9f

    SHA512

    f45e6330b1084e2d4539b6a3b4dec48907727c58ecb8f0b7c51d1e957c8bade0ecc6754a91a4c4448dc48570aa327acd73fb23eb4c2ef5b57a24288885bad65d

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    df257a9d699208e3c4181b4b38d5f74f

    SHA1

    f19fd919fbef88f576162b4976eab4ab76d2c4c5

    SHA256

    92a52bdd74ba19e0ec8ea16b7ab2161ae542952da6430581297e1fcf9647c078

    SHA512

    123cc50b514dbebc0390b9436517325971c463b2a04e99de92560275179683222ea1d2c213a1cb4ecfa8ee0f42fd52b7a6bc4cf665290f13c0e577a4b5f18f6b

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    7c78c0ad468e0cef9a99c2d00ef60d86

    SHA1

    e03a64392d75d7672a0c54263516d5db293dbd6c

    SHA256

    eaa5268949e26d2a8e5fbd72985d74aebd04f33c9627c7db35e13a3e70197e4a

    SHA512

    228ae25920d99df91e2223d2bd899fcac810d9095ad221cdac0b2ec8127867a8b167f2577e322e1aff1f0916288148ef58321f09a46c69aa8dfcea1ca785c5d2

    Download Submit

  • \??\c:\ntldr~6
    Filesize

    4.4MB

    MD5

    8c1e52b2004c3569acc34a8449479c2d

    SHA1

    a2084f73bd72d2aaa2e38d3dbf3381df343f103b

    SHA256

    897799f8641d54f8e8ed35420d55599663c34a34d02a982c681e2b3c3f3f507d

    SHA512

    2e0ce1a8a192d9a9c6f4e71b48829a4434a5f35156b6ebb5774f457da70ec26992361f673a1ceffa88b8756d5024ed6bdc6d636098cc5ca66d3ee4e3b5afa7d5

    Download Submit