Analysis

  • max time kernel
    122s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-09-2024 19:15

General

  • Target

    wentra/alperenxrq.exe

  • Size

    11.9MB

  • MD5

    bc9ea1f205d6e0e52cffd65e0d5535c5

  • SHA1

    275646802d56921b1f92231d27da935048f53864

  • SHA256

    1bd7b1beeaba06d9f0edc6d8cf9a2f999b5b4db5a9a053ed0d9c1e06c4ee3aec

  • SHA512

    ddd0a6c97688429645a53143801432638a29bb2f6a602fcd715e54e1f36b5ac62a4daa258495713657e3ef68d3b6964d3b08eb55f6a0d9dc2322c7af99d626f9

  • SSDEEP

    196608:xJQNljpryeo6GdTbYFzLzpl80JXQT4EnbUaAf00BU3Yg7MPrDhdYTQ4ILDlL:XQNFpryrddTbYTlvJubUaT0cgPr1d5

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Time Discovery 1 TTPs 1 IoCs

    An adversary may gather the system time and/or time zone settings from a local or remote system.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wentra\alperenxrq.exe
    "C:\Users\Admin\AppData\Local\Temp\wentra\alperenxrq.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.33&gui=true
      2⤵
      • System Time Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2300

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a3e06dc7f613cffb489902eea026927e

    SHA1

    e3ebd3f803c41ff00c112abc8c7c3addd64d6454

    SHA256

    695b0656ccb35f8c04ca3d6ac14cb024479cdff9c46331374ebcb548100ceebe

    SHA512

    36c9c8bb8262a432b09d341cb9049c216745d7d7840a1616a019d64fc29e33c88325636e47dfaa92ab60b61d0964539c884c371d2ff6d17e20f4fdbf6d04df5f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a16a91b3e6db103fe5869acd894415d2

    SHA1

    db38b96ea45ab0807f1340ce3de728b7c1b3b6b4

    SHA256

    d1fc6b20b8c29fbcb4362288e8671adaecc6bfe2b7daecec3bd58fafe7515ec7

    SHA512

    863b3d57d9ba45bc8c0feaa1deb4f2a0979c350908f83c66de89b29d5206ce5f78a89926e0ff940b175714bc0753b8ef9240a6e333f38a2be647b49f94d4bc87

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ee613f3bfa2815adc86ab2139c60511b

    SHA1

    e76b59f294a057e28470cf89c1afc905c52062fb

    SHA256

    277774eb6e9d64bd5145692462134a0eb25f11e8e0b85053783c7bf1448971fd

    SHA512

    8d6c51c17ea20a05104e80f89393ff0ccc9548ec091579f820ac29e47b198e735c7ec8436b43f0190769ffad9681c753e213460089186cbc2c1f2d0686bb5701

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    667b0c26901ca7de803ed6d9cfd06e90

    SHA1

    adf64c4ea26e94aca174a866e382e437ecd6bcc6

    SHA256

    0d13d3a6c6e83c9535e0159fe0613333505061aced8a9137487eb5d0ed6f0ab7

    SHA512

    7636dd54afd886949c1bee10d830f2ab12afd985b692f7950438eeb56bee3ed71d9bffd8e1982bfa8accc8647293ddd0b9c4f0373836ac5c4e5e915e11a4a29b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c0fb5756c652f3439344e370a92bfeb

    SHA1

    1f7586bd9860d7285a6b4cc956304d387d032122

    SHA256

    c0ceeed33bdb8575b2556f353b70244e2274f3437c794ed229089b246852be69

    SHA512

    5e13e547bc1942f7dc59e53644f7e16ccc2756e3021d38e9b572c698974646adf76fbf9bea19c4b5fccc1c5be7059ea4f473adddf7deb2b076502ceb3a23902b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b6e32fb179961a69e674536318cc3805

    SHA1

    7b5e107a2ddd1a10e1dca674ee8e0d372f9415df

    SHA256

    ecc132127c0809bf00d2eb1a0219d8639be0f67c24bd598f216517a416204061

    SHA512

    ef9ca9cd79215ea6a6df79943d007a2992f9eb6321134d5fe38bcd3d5326bb6e783067b4b381b4c3783a73978350c3100f72b8b43ea0b0e968a235583178b740

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    09c3037418e2a0798064e136bdd0e1fd

    SHA1

    8db289f761fe02499d835b24b528b9585821c05b

    SHA256

    18deb6f113a01198f12e216d97416c73da988f677ec67af6b0fa139911e381bc

    SHA512

    e601c2880b60c20d6a79c718e8eddb202bcc813efd3323e036e26982013fb1dbbb6d9b4159a1e239b2ab7562e06bc8de4b332b7a54111fb329756a08652350b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    50e777935918cdfc6d11395ae8b60e2f

    SHA1

    3a7ad3c34d20faf609d444ff6d2d732346424ecb

    SHA256

    6b5dba3615ed854fb5e8e1e26cf895878b6eb7b83a6c6a6297f5b88be6222d63

    SHA512

    373c18e4d292b9cb51cbc62d4023eb2245ff9da950dfd4cb43d5a0e499082ef8e00fe00b49dbdb0ff75d9ed84740ab1558ede59d9fc4ad9e3cc8262c2029d5c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    59239b5404344381c5895a89f036e23f

    SHA1

    34c06f3493d8c4d1e7306d29436ba6832c09f18d

    SHA256

    8a3b4fe4b53a67f6db8a02f2ab1a745c61dec6d8b094fccfaf57ac0c075fc351

    SHA512

    8032804a543c510d64aee6f1e903b10dc83fd16f80da84721a4035b671ec98fe9871bb51664e40c0eded2a3bc0e865e68eb80facf9ae10b00daf984862ff6d62

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    121858790fb5afe54ff3dc42d1e58a96

    SHA1

    f027958c821299c0026d1a8b72b9681510721e97

    SHA256

    ee8969661fa9141ef83cec5750b2e16db6e0ef6941f019c4526e66141267e815

    SHA512

    98e1f7fa5dae3b3e2c7c4e688d3c22c611e6738fb1fd12b6e7d00e31b9d54bc00d66a7e8353b774fc74e97b786e9a07d7c18e6df0dc674d3751e7a79b2c2e708

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cff7cebaafd0224feed59ad7acfdc061

    SHA1

    0d838668536bb63032c8b1d8055a507ba8ebacfa

    SHA256

    10e741c35e581e6968e6814f7fcd715500bd6da175eb54127ecd9486f31e71fb

    SHA512

    55d1f53154dac0c152c47897a79b0eebbd5511608504153235d4849a1032f791c1b5e2327cd7dc5f4d061969cdebc000952fdeb17053385205ef529628777648

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f30d388bfe8e491453ec3b0462f320f0

    SHA1

    c61d91383d7845afa71efc23e68d0cc584adab9f

    SHA256

    fecc94b27e22a631a6ffc1bc2c9421135894d51c964594f983dfe5d8448fa091

    SHA512

    b0385c63e722595e389fabb2eb53b37905550f152dd3a8496cd855a40a68c9d2e4aa73f1f76764cd7227145d0c06990f87dd5ad56b687760f097755b3cb8ac18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4aea9e21e2ac3022acbe44286c904f67

    SHA1

    9555bddac8250b04c5fd041766cebc042d56b2b3

    SHA256

    a379e1716f7a2d5c60c4c7b6665fde30aefa88e122af4865a99b92e8bba1fcc3

    SHA512

    348533537d659db593c9e85bfa6fa0a34618bdea44c8de1f8153ec332754a0980825008c1db034e0bfe5fd36be0761346197c9b4d75bd27fedada0dc56149f31

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    77ccb65016c1fffbb45cb2298bfca7b7

    SHA1

    eee0754f4ec2c274628ee8ff766febd47de2651b

    SHA256

    7469ab335cfca75800aabead86cefbcc90b0d1ca4042bc962109bbb365d63c07

    SHA512

    0970958e6c0ae811a8a72e75e8a8722fbf82dd1581980b7bb5f01aacaaf1ed2c3a9e54b9cc7f6967ba71f7e63515704230784db76378ca56db43f293a6d7c04f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3de05d6e14a1414e171e8705474d6846

    SHA1

    6de1525ff363f77a339ab4fa373ee77b45a2a7d5

    SHA256

    deec0257f6a8c954ed2c93be482f25676f62eb348005bf789117801c5c364598

    SHA512

    efd0b05131a9f68deb0ac7f923b3f581d968028e56b10608be1f64319ce49fc1d0e6af93de4cefb6c072d9d80bb90eb7eec193476de95be3af608055bb068941

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b5e01525cad839d4e7eddbb7fce4d6f3

    SHA1

    b4dc235ea7bba0f6c9118daf73eb2f2ad4cf2204

    SHA256

    0674f71b31773f1f18517309b37a6aa8bf7c5203506eafc210a9a5091880406e

    SHA512

    68abc22d4fd5cf795547f628391a8c9dd90a520af0c2e2647ebac73350f9188c5949e7917619ca726a3ddb48c5e3f3511104e29e2368147f0cf4cd732088428b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5d4719f4f9d6496c702b1e7d0273da36

    SHA1

    7c22f4b7a38de399823f24b65701d59d6706f2b2

    SHA256

    25e30fea62509fdb1a57f896511b1e419b30b1ca72459e5a7f59eb7116e49f7d

    SHA512

    2b487feebaedba8d8fa7904befbc653aa607256a36239b050538d75dae04ec4f17d5c16eb130814f0dc9e4e4cb07bfd0221c45498b1a03c83678aa3ac1b21c68

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c583f018209d248c65361fcbefb74ba

    SHA1

    8c5714d8a63ad0ee1522854d28b6307ba646b2ae

    SHA256

    90f3549db042d6eab0895443cb422401f04df83c3fa6fea1dd0c2c1a3a0a8fae

    SHA512

    fb808729d87c7fd85c1897db369e1d8a439de9ba4bae0b2711dfaed9f42b0eb11e22b00f2516792d280632e5c069608aa1d128647e98028dccb033e807a1550e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    74ce3ceebc6c6bb87894929d517eb20c

    SHA1

    16da99ff9ea284f4d3306099be7c367abc9c6672

    SHA256

    8b1ab0b2a237f8db3c48b31b360d92c40124d183825390502fc505281c84d775

    SHA512

    ae121950f356b8a9dc6fc63bfaf9d23e1b6b415abbf9bdf80f02cef06f0a0b5a2b99e59aaeade16756301e4d3da44ea56c586fa099b9a6c3ef8bf40d16f93a4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c0e692ceb4e4430194b5a3858c0250f6

    SHA1

    af0fe353056667a07873220c39130eb5b66cd8ad

    SHA256

    ea8318c8ffa57df2ecc05cfa3dd50a89c639d19e08eac21dd246b0a6a2556f91

    SHA512

    24b464992b4f9af61e84f44976fbe040baa208bfab21814dd22cc87300f9473b4aac7cfe2e9b916a21668ab909483043489e5fffc894c75991941e39588e712f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6225e16b7086f2ac7e85351a464a26e5

    SHA1

    9e8f471315f6bcb858cebea5d0a7fea44189aed8

    SHA256

    a1ba8a9dd16daf72b4bc037977235429b2feafc8c99d4ce9ad85f95b7f6cbd90

    SHA512

    f6608f54d3353ab1bb1a1d0028f38010a6641ca72b804adac45a6ec46b82e939bbb47a41acac2e316c59fefade0bb29affad7ad2f46618173afab5ed671f7704

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b20b7a89ed47ea4a972528ef7c518aac

    SHA1

    45b6092d970385bf44682a1baf106e6b6eb6ec1d

    SHA256

    68173c6570ca1e55b1da26d14523ebbfecce630b2e858ab6ff0f61f999a627c6

    SHA512

    18fa126bd3938274f72af228fa9935c759f098c254c90c20a228b487b72d042506e113880faaa37f89cfc2571c781c2090d67971ff150897340f8c80fa433cb7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c5cfb8f8921f56e0a21c107c95c2b0fa

    SHA1

    f86ab367b757c75051d6876ab97e7c70d89dabc6

    SHA256

    18480fb3480be25e3434280525a26d152cfa786769e1bd9ef563063f6f440a2e

    SHA512

    e2c8b636172e36d59ea3a336bc7be910bc85c6a27bb4c69ce629c764b4ae2363623308633d67deb35d40a10faf0676f78c2c632d02ba213272122d528a9f6a4c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    34c5035cde96763eae6ede8c98f32065

    SHA1

    7dd442ffa713a490602446b3bc62b9aa9763806e

    SHA256

    7162f4a1ad8d268c333df48d7b1ab651dd31e916062711a1154a331857753330

    SHA512

    b18fccca7391ff0e31036bb924445387ea6e3bd0a69fa9884ee1b4413279daee2a185c54f42d32cb46d94978f5b6cd1014d1170da53df10eae0a8b4b5b3da309

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8a305f54b1ff9c199e4162de734926b5

    SHA1

    acbe8c5318d90450af7f92b403756151a85055e7

    SHA256

    bba9b4b351a2bda1dc5923be24ab6ebe3880a49969b2212c9435bb2b24632369

    SHA512

    d67be1706c0af1844e7a5a3d14ac693be1637ab8d579923dbca5a60445c0fb4f12e1af34353cd71c327cf7a598727c0197612cf4a9ed0a9f2082d3cf13672bf7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c1f9ea2cf6c05de710b723d75400b234

    SHA1

    ec7001c2993dba28ef526176a8529f9603cb19bb

    SHA256

    f39091673d88c5fcd698df06efa03c61b6ab9aa6309b92dc070936e0084b2127

    SHA512

    bef3658b997b2be23565611397f93776047869c2fbcbca2527a50d3b65b79a71c512e2f61295350b315798c65b6984887fc08bbc661cb0a5c52c8984cf02ef3c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    031361c40b7060771dabad998bf613d7

    SHA1

    86fafa9201b83f306baa8d2488e496eaeaf2815e

    SHA256

    8e322738cad9169d11d810f570c1bd54f22023b9e60ba121cee97755b7079956

    SHA512

    885db2a46d1b302b8cf70f619d20be8c2ee407de9d77de47ba1a715f25d690e43debb149151048035263069ec79a5453c4ece4a6977559e23138245b90533ba3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b9b4cab644df50389a1f1c218a20112d

    SHA1

    3cb126fe73d0491ca1335cfa9088805dce653081

    SHA256

    1fe0bfa985c82ec9c5692f3ce99cab0df4e463ae5de2074e04f87e3c769d08f6

    SHA512

    df95f49602566d0f8ba92c00c3957b800ab1e1495cfe97df6cd84d7f4568312e83ffa1d21e8c77ce9b59b875a75657e6c8c5f894fa8aca92c4883b224f22752d

  • C:\Users\Admin\AppData\Local\Temp\CabEC06.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarEC97.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2404-11-0x000000013FCD9000-0x00000001403DB000-memory.dmp

    Filesize

    7.0MB

  • memory/2404-4-0x0000000077E10000-0x0000000077E12000-memory.dmp

    Filesize

    8KB

  • memory/2404-10-0x000000013FCB0000-0x0000000140FD0000-memory.dmp

    Filesize

    19.1MB

  • memory/2404-9-0x000000013FCB0000-0x0000000140FD0000-memory.dmp

    Filesize

    19.1MB

  • memory/2404-5-0x000000013FCB0000-0x0000000140FD0000-memory.dmp

    Filesize

    19.1MB

  • memory/2404-6-0x000000013FCD9000-0x00000001403DB000-memory.dmp

    Filesize

    7.0MB

  • memory/2404-0-0x0000000077E10000-0x0000000077E12000-memory.dmp

    Filesize

    8KB

  • memory/2404-2-0x0000000077E10000-0x0000000077E12000-memory.dmp

    Filesize

    8KB