Overview
overview: 10
static: 10
wentra/Guna.UI2.dll (windows7-x64): 1
wentra/Guna.UI2.dll (windows10-2004-x64): 1
wentra/Spoofer.exe (windows7-x64): 1
wentra/Spoofer.exe (windows10-2004-x64): 1
wentra/alperenxrq.exe (windows7-x64): 3
wentra/alperenxrq.exe (windows10-2004-x64): 7
wentra/run...nt.dll (windows7-x64): 1
wentra/run...nt.dll (windows10-2004-x64): 1
Analysis
max time kernel: 94s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-09-2024 19:15
Behavioral task behavioral1: Sample wentra/Guna.UI2.dll; Resource win7-20240903-en
Behavioral task behavioral2: Sample wentra/Guna.UI2.dll; Resource win10v2004-20240802-en
Behavioral task behavioral3: Sample wentra/Spoofer.exe; Resource win7-20240704-en
Behavioral task behavioral4: Sample wentra/Spoofer.exe; Resource win10v2004-20240802-en
Behavioral task behavioral5: Sample wentra/alperenxrq.exe; Resource win7-20240903-en
Behavioral task behavioral6: Sample wentra/alperenxrq.exe; Resource win10v2004-20240802-en
Behavioral task behavioral7: Sample wentra/runtimes/win/lib/net6.0/System.Management.dll; Resource win7-20240903-en
Behavioral task behavioral8: Sample wentra/runtimes/win/lib/net6.0/System.Management.dll; Resource win10v2004-20240802-en
General
Target: wentra/alperenxrq.exe
Size: 11.9MB
MD5: bc9ea1f205d6e0e52cffd65e0d5535c5
SHA1: 275646802d56921b1f92231d27da935048f53864
SHA256: 1bd7b1beeaba06d9f0edc6d8cf9a2f999b5b4db5a9a053ed0d9c1e06c4ee3aec
SHA512: ddd0a6c97688429645a53143801432638a29bb2f6a602fcd715e54e1f36b5ac62a4daa258495713657e3ef68d3b6964d3b08eb55f6a0d9dc2322c7af99d626f9
SSDEEP: 196608:xJQNljpryeo6GdTbYFzLzpl80JXQT4EnbUaAf00BU3Yg7MPrDhdYTQ4ILDlL:XQNFpryrddTbYTlvJubUaT0cgPr1d5
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
  description: Key value queried; ioc: \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation; Process: alperenxrq.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion; Process: alperenxrq.exe
  description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; Process: alperenxrq.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; Process: alperenxrq.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid: 1380; Process: alperenxrq.exe
  pid: 1380; Process: alperenxrq.exe