c9f3844c8e48414ae6f118998455caf56cac0fe111f3203cfe09dcd845d6b0cd

Analysis

max time kernel
8s
max time network
0s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.1MB
MD5

258466d7b906789572c91686b321af7e
SHA1

db3dd33cc79ce372bc849ad5ea975e1f6cfd439c
SHA256

c9f3844c8e48414ae6f118998455caf56cac0fe111f3203cfe09dcd845d6b0cd
SHA512

7e50b7d7b51ef6f08b930511865bc624fd230f8910f2a5154e91e8c9a7187a624282d520ad42715f7bae3273c4b73a27a41d99ec13cf3b59b10139cfba77dde9
SSDEEP

98304:jAJbF/eB26JB6+hafAQ2NFSrsf9qgMsIZ/JUFmRT26:aGpafS0U9q0IFYG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2324	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2596
- C:\Users\Admin\AppData\Local\Temp\7zS42ABD096\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS42ABD096\setup.exe --server-tracking-blob=YjcwZGZlNjE1ZmM5YjM0ZGM3MWZmYmYyZTllYzBjYWEzY2Q4NDE0ZWZiNzlmNzNmMDEzNDVjNGY3NDYzMDAwNTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS93aW5kb3dzP3V0bV90cnlhZ2Fpbj15ZXMmdXRtX3NvdXJjZT1kdWNrZHVja2dvJnV0bV9tZWRpdW09b3NlJnV0bV9jYW1wYWlnbj0obm9uZSkmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRmR1Y2tkdWNrZ28uY29tJTJGJnV0bV9zaXRlPW9wZXJhX2NvbSYmdXRtX2xhc3RwYWdlPW9wZXJhLmNvbS8iLCJ0aW1lc3RhbXAiOiIxNzI1OTIzNjIwLjAwMDkiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI4LjAuNjYxMy4xMTMvMTE0IFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiIobm9uZSkiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJvc2UiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiZHVja2R1Y2tnbyIsInRyeWFnYWluIjoieWVzIn0sInV1aWQiOiJlZmYzMDU0Ni1jOGM1LTQ4YmItOTk3OC04YzdkNDI3MGRhYTUifQ==
  2⤵
  - Executes dropped EXE
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS42ABD096\setup.exe

Filesize
6.3MB

MD5
eb798e91d503b97614756193e195a7b1

SHA1
06367f70a0b4c6de9e208c419beb84fa10c0eeef

SHA256
406b5edbd94bc38ce345d3c0f34b6b5fcd0405bd290a2ad0fd55c08b0695eed8

SHA512
5738431f355f599e88ec8b603f692a23a779ef41183ee1ebad3f7c81a9296a3df626d852cca1256791cc665d912f8f73c4ac00a15e4f96259c253290a40ba020

Download Submit