a5deb351990f18a57aec07350e43821bd720a352ad07585422f012d0b2c965f4

Analysis

max time kernel
144s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InternetInstall.exe
Size

387KB
MD5

972ecb1ba79e30827c965aec38f94b66
SHA1

c2c01dc84b8d1e47ef2ff5060915fbae84493891
SHA256

4556f44f293d6991c1a2e6482bdb7bc8bf193977f2a365023b4359fe68cca15d
SHA512

bfcf4a17bf836b140cbffd113884bac2ef3c64e996722cce358d5d49c2c1fc821e4f38a4a655c5bcc3645103e9f7123091d98eea7bafad33277c5fe3af5b8fe7
SSDEEP

6144:FnjSqKltz5/k9L7mFGUuRjso4E2ECHAGU2D/bp+V5mSysaVK/9:FnjC5/k9nmhuRJ41hgWD/kV5mSy/4

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InternetInstall.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
876	InternetInstall.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe
876	InternetInstall.exe

C:\Users\Admin\AppData\Local\Temp\InternetInstall.exe
"C:\Users\Admin\AppData\Local\Temp\InternetInstall.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/876-0-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-1-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-2-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-3-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-4-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-5-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-6-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-7-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-8-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-9-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-10-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-11-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-12-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/876-13-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download