0ff5a4b6033fdb43fe3b85e5c421ff644a8ef3be015a4610e2e5fc1c20e148eb

Analysis

max time kernel
140s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_i2pd_v2.53.1.exe
Size

8.2MB
MD5

db454665937ff4f60152c2db8d9c33d2
SHA1

e17ae675554f28e8685bfd0f791b5f56700c6519
SHA256

0ff5a4b6033fdb43fe3b85e5c421ff644a8ef3be015a4610e2e5fc1c20e148eb
SHA512

1718a1ce9abe14df76181fc5404afede55eefec6ed3e737081fccb09bd708341ae08093b5df00b229adc7a954c5502a894205b153cba73d4e8bfdaf6abcf1086
SSDEEP

196608:CZfA35RpNh9lE+pFnyHU/9u3KnHKGF+2OGpF:UfaBlE+3+3eKx2OGP

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4504	setup_i2pd_v2.53.1.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_i2pd_v2.53.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_i2pd_v2.53.1.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 4504	552	setup_i2pd_v2.53.1.exe	84
PID 552 wrote to memory of 4504	552	setup_i2pd_v2.53.1.exe	84
PID 552 wrote to memory of 4504	552	setup_i2pd_v2.53.1.exe	84

C:\Users\Admin\AppData\Local\Temp\setup_i2pd_v2.53.1.exe
"C:\Users\Admin\AppData\Local\Temp\setup_i2pd_v2.53.1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:552
- C:\Users\Admin\AppData\Local\Temp\is-NM8II.tmp\setup_i2pd_v2.53.1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NM8II.tmp\setup_i2pd_v2.53.1.tmp" /SL5="$80112,7679173,933376,C:\Users\Admin\AppData\Local\Temp\setup_i2pd_v2.53.1.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-NM8II.tmp\setup_i2pd_v2.53.1.tmp

Filesize
3.1MB

MD5
d32f1b471a80cf76dc13a8626d142324

SHA1
0b7ee620f3a047b84a0173a84aa4e4a4878030d9

SHA256
f92b498f2820f1192e5b33a0ac1b4d4619024cf21a84ddfe4f7f88944b8bcf97

SHA512
590eaeffb528bcc94abd6d9159f4f3f926ee8bc698cab5c292227c7b2251b8f0bf4b9612fc3ef1af74fb83a06cc307d5def763bffbfdca99d59fff8372ce63b4

Download Submit
memory/552-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/552-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/552-8-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4504-6-0x0000000000400000-0x000000000072C000-memory.dmp

Filesize
3.2MB

Download
memory/4504-10-0x0000000000400000-0x000000000072C000-memory.dmp

Filesize
3.2MB

Download