0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c

Analysis

max time kernel
91s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe
Size

5.5MB
MD5

e5818a5c1a95396a4047af2d21420aa3
SHA1

c2bef479a4feb6d94107506bbd77bf5849febf1a
SHA256

0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c
SHA512

78b7a67538ae32756b2595017759f4ebfa9e831fbd5e843ee77c0de07bc94f397122a963012b00dc23685952e83275b468cece43930355b8a33b266099aa95f4
SSDEEP

49152:MpCzMmgMrd0S9KugnWNf3mfyawmJEsT1BKCjDPy38jh7tUfQg:vlgv3ur3mffD3KCnwUqR

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4496	0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe
4496	0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe
4496	0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe
4496	0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4496	0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe
4496	0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe

C:\Users\Admin\AppData\Local\Temp\0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe
"C:\Users\Admin\AppData\Local\Temp\0f7f650fe3e0e8b4aca3701e2358be80458f5f3d617abb30f420d075089b6b1c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1726033003\BaseBoardApp.dll

Filesize
63KB

MD5
dc621e737288bf826115765e81cdb6d2

SHA1
b29b288544ec42a76b7ec53a8c2eb2ec2ec8948a

SHA256
51a051c6f2a5faf01baa7230678e68781ad44f3e465f5ad67040f51193cb92ee

SHA512
66f636c5fba1cb01fb6c23dd76e39aec63b2e45124dfe1ccbdf8ec615c894de715781bd6d092ffbe3fadc99d2603eeb711b806c3f8ab1d2a01254447940d7366

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726033003\ISMBoard_Dll.dll

Filesize
329KB

MD5
60c72e9a7b3ef004f4c8bd0f370bb630

SHA1
80947a1da31662f1190bab95267f6a8195f4c111

SHA256
b8f9f2a7fb0e702df426c077b79da3c70d53efde8dc6c1c665c1779a3627589f

SHA512
b306a3b2efb7d922cf8fdde6c82c48511c14801c13941d51fe60e37641343a5cd2029d08991f636cdda852b8dca90bc9b2b180da941b85d3428e1df662858595

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726033003\PNBoardApp.dll

Filesize
30KB

MD5
e4367afdd4a3c313ab7f3cd0b25104cf

SHA1
e9b18370cf2978d7b36c525a704ad86f876ecc74

SHA256
8d070bc798c443ff23189e9be56d665ee90de63ff408c812e6fe418ea9aa5b43

SHA512
087f8adbdef0e769ddc608de9cb5691a12f2e7cf61d0bf439fb81ee54470afc4b0e046abf530a3b885b31ecf4da6c73beef30ef7b799b8195e4c83ab1c0f2135

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726033003\RelayBoardApp.dll

Filesize
33KB

MD5
d986c2263cc77e9b02fa4047a4cc1a64

SHA1
50d210525233ec352365b4a2f86fc5401d8f21e7

SHA256
b4e19653f089345cd704c57c1038ea78a514483f762ea5fc715e7ced23b891e4

SHA512
dd1bac3624f56fb27f69efe7fd9e8197f7d59c1a6e636d59e683d2506dce0ca33d9dcb78b0403605a1e6b3f01daac0172240418644cdb591a847465a0d19d0e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin

Filesize
2KB

MD5
df5883e4b0e775a9cadb36e297b21691

SHA1
24c281b76908b8b0ac0accb0adfe50a08d17aa66

SHA256
5200f3b85d9fb27ac6afcc233bca9d45169193ac681a6f6ae192167d2769b2fd

SHA512
863ec02f176779cbf35e65364eb8e639dbb557681e424e450e91fb458a5176fceb646f71945cb6ec5dfb31820bf46a73278b84586743b2c9b56868f1ada7ca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

Filesize
40KB

MD5
157c99ad1fa411735e42e38fdf5c93f1

SHA1
719baa2c0692fdd709c06fac221493964d2ca0d4

SHA256
2743820b8cdf279746c1c47390f1de9d1303316919fcab6fdaecf493f6c26db3

SHA512
76e2cffb685c5e0e4c2a2afd3bcdfd188840e9236f5d4bd59227c8b91d082c88f9729261244f5012025b34686c8970be790b54b729eb9a2677fbb1d0dba8a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

Filesize
40KB

MD5
09e258e55e9839eae26e300f69a16dc5

SHA1
6fd90c8a89f93a69902362c26305132f288d9479

SHA256
acec2c3f54a72c2bab2820a212f639ddba2857bdfdaf2d3487cbc0617cda1b3e

SHA512
58c3f6249d49535d81e50582c12d931461241f70cacc69da0a32fdc33390d07e9c1302c05bfb78d889d0b4b4f9d401f347ee1b3ec3fd7c95daf61753e5fc3ca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin

Filesize
2KB

MD5
51c491702d77ddd95f74469c3b7b992a

SHA1
d2780ef2dd343dc15894b4334d359d48ef82f260

SHA256
9d984690b039e862454a54de1b1acf08c74cfa9beea9e5d18f1f21747af7874a

SHA512
b83625e8f4d7e5348c69cb269054c096ba5423d6f9fa6ea8b3f5587a9b8829a47238108c1b53fe913c4529ba897ac5fe7b4e140dc6f8e37d3e843a617b0a3547

Download Submit
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin

Filesize
32KB

MD5
588c4d4eeaf7d8844703994502d8ac42

SHA1
dbebec220e2e56ad77a60acf0a2fc35a0271803e

SHA256
80372f96125b99972547aa5836341477137d5affd204c0d43a2554e8cb6f64cc

SHA512
2a3bf4011243b9443af0cf5e713d3a5c1694fadb5b4e2e097dc7be76a200d4aa86d407bb62d233fc981f664f34fba83758dc8de0bc7b90a1a977d01a52edbfbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin

Filesize
2KB

MD5
b97680f3dbae582562b7dd7dc2fc076d

SHA1
ce06aa2a20791e9fa640fe974539eb18b09c9efe

SHA256
637078aa98ac559352f6020c8cf20d5cde3afb4e231e1f819fb562570b4ce7db

SHA512
b4619173385f57f0fc6c1746416b54d68f42ed681638b5e1e8ca3d758afccadf95ef483e2557ab7b89ffeb7c4736190dfb5b1110fc251b1bcbe4e1f6eedcf5bc

Download Submit