eb7261e990e2bfa1ac5d9bf046aee851c483716b981cb6c604443d57043575cf

Analysis

max time kernel
129s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
30-09-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FarmFrenzyInstaller.exe
Size

338KB
MD5

099813aab8edcc68f4eb53de94272153
SHA1

824caef786ff1bf0c57c97cf3d6ee259f00a00ec
SHA256

eb7261e990e2bfa1ac5d9bf046aee851c483716b981cb6c604443d57043575cf
SHA512

ba9ebb585b90772c3e2e9ccedc2c4d292ac7d1352d1c1ff5c27e04984cb611a2b9879f7f6416d4b34165aa5661420341b724460c413051e7efaf9ee4bcac1e70
SSDEEP

6144:BQ606xnky97mF8BEvg1qF+AVb09hQ7JEPHD8yASbJYRG5Kacd0WQBr:Yy9yF8mh+AV0yOHwyAUJsG4Vg

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 15 IoCs

pid	Process
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe
2148	FarmFrenzyInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FarmFrenzyInstaller.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	FarmFrenzyInstaller.exe

C:\Users\Admin\AppData\Local\Temp\FarmFrenzyInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\FarmFrenzyInstaller.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\C_H.bmp

Filesize
12KB

MD5
40d28a8b26ce12c2ff8b15b51e0d40d7

SHA1
f6b7098017234b3bfa24e19941c3e1cb95b8b57a

SHA256
0e00f99d4808002f199b800d6c27bfbcac0cf29c292016cc3a70767441e8d0e1

SHA512
c388a8a79c46e0de8fed82afdd3788364026f52ecd4c9681522f0229cd7a2e3aff69a735411a9a8fef0816cdfea98a836da86fc1912c4f35e2671634ea69b61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\Splash2.gif

Filesize
1KB

MD5
896605919e9da76b4ff3c0d196b89c38

SHA1
8b7a6c33627205d9bae21d6ce689d7bb3a5117b7

SHA256
f73c8c7d202942596716b96048826bc711fb93079b16ed2f54c567cff74acb58

SHA512
1280a7d8e2fd57259936a14edba9de478b9d6c19e307870e83fcd860267f77f2fe455c9d55ea43b2bd49fccf2a7108e62afdc8f627ea940711477c529a529c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\cancel_button.bmp

Filesize
12KB

MD5
cfcea9699b1ef2df4bb02667a66bd12e

SHA1
a975b767e72f551d75711ced7e24e3b55358108b

SHA256
41e9767c4ba9ad3108a896bfa415532ef0d7267a904f843fd560cb0c14be7685

SHA512
53dc83baf38275ee1f2a196330ddd2b2e88873b470ae4d5d2f4594001f80eb2a2d839e244dec101fc99126339d601bd2e7c25bec25740331eb9976bcdf0ab6f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\close.bmp

Filesize
1KB

MD5
b9a19ca740edf60d1901c7ccb72233d7

SHA1
ee81af1979f414b5eef406109301d36c93b8ed43

SHA256
ac7b44ee84305d4afc77b35a30f9721404e25ac66601f16c74c2cc104632575e

SHA512
d945a592d2a49318d2119a099e74470a11dbe9df8463c082131fc131b4200c6a6f5140f210b007bc169574877afba84fb3c917cc52d1c0ba83c688e26cb8eb93

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\finish_page.bmp

Filesize
542KB

MD5
cafb88070841a10af381d8d31b68ebbd

SHA1
74866ff2d1971409745aa8f0dce192904b39b79b

SHA256
8e640a5cdcfc3c514d7d06965dcd4fb7f2363a4c27116011933460f828b9264e

SHA512
c9cf6fc4a4e92355f584124762a0c25588d31b7c85eee12684a818cf29571e4c61e4f5cb775f6729c3f38f7e14afe89f69b3f165d0d6feb6625042c402b18f2a

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\AnimGif.dll

Filesize
8KB

MD5
63f11d04d07615bd610c857d0abdbed5

SHA1
fee63014806f8250c3e301a219fc43ef4b3a8f19

SHA256
a1fa2e0191f986824f5fc0ef62aee8b4b25695cc56d4b00fecdc1c92f8ea237f

SHA512
211f3689df9c219507072f71e9795e74cf9dd3a37f32330d8b7cb5cf335b9aec6f874df2e5fabf90e7f3e4d61655f7674d1ca94cd7d7ec4244a153019c334e23

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\ButtonEvent.dll

Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\NsisWindowSubClass.dll

Filesize
98KB

MD5
aa888581c44bc0132a099f97b380df5a

SHA1
e1550c722823ac9965835cc4b0ee2b860fb3bc93

SHA256
13923fad0e3a631c8e3f9ba5cf15ddde22c7191de9782f33127563459c4244fe

SHA512
883420332b8328ea57b3b9ea55d42b582507bdd10d32f2af1f56797901005e502b6ee6c756ea27bf8f1193d07f6a82b979acce82b7a6c2936767a903985ab302

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\newadvsplash.dll

Filesize
8KB

MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\nsDialogs.dll

Filesize
9KB

MD5
d2e45dd852a659e11897df573832f381

SHA1
19990ee627c95b6c18d3b5c5f0ec5c24791d0af5

SHA256
86c8ee210e6611383a634dcb8c60455063ddae3d7adccbeacf3adf7bf2a46676

SHA512
93c9fa1767f3e861fe5765f2940aaba9eee6396d069c443ac6cbaccc88441b2bfc3c3af50a8044161f96bb7eb81af1bc6c1fa754d89740d0a2a8d591fef11073

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF3A8.tmp\nsisunz.dll

Filesize
88KB

MD5
bd97d86d8bd07ebdc8ec662a3f31dfd5

SHA1
5e2b3a1af5ee53ab6d1d6c2cb8127add39ee7e82

SHA256
c31b590cba443de87f0f4a81712f0883ac3b506f3868759d918d9a81f84ea922

SHA512
4575d1ea0d1b2f74df74cad94eae7fdf31c513e5dc6d945e81e0873b99f94a5d81b1c385c71ab79a19e5bb6c00fc5fffec7a3bbfd60ad7de312cbb53d8bcce9a

Download Submit
memory/2148-81-0x0000000003BC0000-0x0000000003BDD000-memory.dmp

Filesize
116KB

Download
memory/2148-196-0x00000000028B0000-0x00000000028B4000-memory.dmp

Filesize
16KB

Download