8109b2fe6fe61eec679d059c1e553c20777dde2b6b8200ce3bdf57b2f2068bf5

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HA_SendLink191_Fire.exe
Size

481KB
MD5

c70f92533a5e197dcfdcc2c5edbdd98e
SHA1

aab8d6bf5dec47e89bd34ad036b4edbc73444563
SHA256

38a285fad90354c149689c2edcfbf2fa37441582fc97abfd4969739bc7df8c02
SHA512

fd22a20825ebd1342003210306a3bbf4f1cf9c80d819558543c98f73911b458f71de5d8294e689f265ec2e1366e19522346863934f836fca1fcb2d7874217dc6
SSDEEP

6144:FhF2fYDYYD+y82yhRHFSky3XEMV22Jl1F2BjplvitfMLuBTKP1265He0alrUHLY:fUTXJvHFSky3VV5Jl1F2BWBu126deHKU

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1304	HA_SendLink191_Fire.exe
1304	HA_SendLink191_Fire.exe
1304	HA_SendLink191_Fire.exe
1304	HA_SendLink191_Fire.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HA_SendLink191_Fire.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1304	HA_SendLink191_Fire.exe

C:\Users\Admin\AppData\Local\Temp\HA_SendLink191_Fire.exe
"C:\Users\Admin\AppData\Local\Temp\HA_SendLink191_Fire.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdA1BD.tmp\ioSpecial.ini

Filesize
609B

MD5
ca4c31c83d089acad0c2466fc31c2c2f

SHA1
068921e84fc97a7d7301d1e45acfa20f7a294967

SHA256
f3738310bce7c5ba61643ae39a23a312ff1895e07938462b1f4adef9baa61a6c

SHA512
5af7a5061ee7263e3cb1cbf8b1a61f6e8fcc3916e5719d47eec1032b213cdc7d9a560f8ad3bae8fde24fc1bea778bec046e4b0bcf7bf8fc7c178e2362a808acd

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA1BD.tmp\InstallOptions.dll

Filesize
12KB

MD5
1e8f2fefe3ce893b117b26948b8978cb

SHA1
59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab

SHA256
8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519

SHA512
b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA1BD.tmp\Splash.dll

Filesize
4KB

MD5
e07ad0d2f86ddf926911e3d2dbc2021e

SHA1
370c93de8c9ba9549b0a646b329cb8d2fc7c91f8

SHA256
2ada4d9531a62772ddd7eeb0737fe91925982c543990d9c0d4faaadde12b7ed0

SHA512
c13747e3cb2d6712f3bf19bfe1bbbab47763239a4e21bbe685edbedae98bda9c7b8e4e06c22e8b7737752a3c3129e07c91c00b6e90ac741e891bc1bfa966fdae

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA1BD.tmp\System.dll

Filesize
10KB

MD5
10c44246d99a1c2e5f5e6b52b111a63d

SHA1
0f41da79c3e789f4ae38738e3a5d73c538f8af4f

SHA256
7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

SHA512
e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

Download Submit