Analysis

  • max time kernel
    94s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-09-2024 19:15

General

  • Target

    wentra/alperenxrq.exe

  • Size

    11.9MB

  • MD5

    bc9ea1f205d6e0e52cffd65e0d5535c5

  • SHA1

    275646802d56921b1f92231d27da935048f53864

  • SHA256

    1bd7b1beeaba06d9f0edc6d8cf9a2f999b5b4db5a9a053ed0d9c1e06c4ee3aec

  • SHA512

    ddd0a6c97688429645a53143801432638a29bb2f6a602fcd715e54e1f36b5ac62a4daa258495713657e3ef68d3b6964d3b08eb55f6a0d9dc2322c7af99d626f9

  • SSDEEP

    196608:xJQNljpryeo6GdTbYFzLzpl80JXQT4EnbUaAf00BU3Yg7MPrDhdYTQ4ILDlL:XQNFpryrddTbYTlvJubUaT0cgPr1d5

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wentra\alperenxrq.exe
    "C:\Users\Admin\AppData\Local\Temp\wentra\alperenxrq.exe"
    1⤵
    • Checks computer location settings
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1380-1-0x00007FF92B2D0000-0x00007FF92B2D2000-memory.dmp

    Filesize

    8KB

  • memory/1380-0-0x00007FF6446D9000-0x00007FF644DDB000-memory.dmp

    Filesize

    7.0MB

  • memory/1380-2-0x00007FF6446B0000-0x00007FF6459D0000-memory.dmp

    Filesize

    19.1MB

  • memory/1380-5-0x00007FF6446B0000-0x00007FF6459D0000-memory.dmp

    Filesize

    19.1MB

  • memory/1380-6-0x00007FF6446B0000-0x00007FF6459D0000-memory.dmp

    Filesize

    19.1MB

  • memory/1380-7-0x00007FF6446D9000-0x00007FF644DDB000-memory.dmp

    Filesize

    7.0MB