7982a8dd7cbafc7dc7bb0987276aa883c347ff496d9dfb5ec0852bc49d03b8bc

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

104.3MB
MD5

7fa83fe4857eaaf6fc6db9297c844038
SHA1

2a327cb8fbfd1273c18947817899dd98affe0051
SHA256

933ade515e0f2d50619c89a7db18a898e6029448437ce72d6306fe67e269b507
SHA512

b61ecf63897e0fb48d1a732cd4bb5537d3e6f6ada31a6011c12ffe1516cadc68a4e1cf1f806c735d127282ca2528b9b373976ddb0baefacdfcad4163f00f6db0
SSDEEP

1572864:0X+S+V9LyN0C1qh6maqmmRoF+dnQ6dkkGFinQ6dkkGFinQYPcAtjTDhlHYxZGf8A:0X+p3uN0CaFlQ9FiQ9FiQYEAlHQZGf8A

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2352	Setup.exe
2352	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2352	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdCBC8.tmp\ioSpecial.ini

Filesize
1024B

MD5
a90b378ac8c83ea28491bea25837a67e

SHA1
f78e2e851cceb537a7d28067e03a3430ad46a098

SHA256
edcac9683fe181e18db674653a5eea1280b7c305880f6a1b1f2faeff8d191dbc

SHA512
44a49146632e0d52ee664b5a279f0a019ed3332fc4a20776a469a8c6a5f449dbe027f268ac8457acec04eb059453f3e5e4be46c170c20591d4b7372d6b103058

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdCBC8.tmp\ioSpecial.ini

Filesize
1KB

MD5
a2bd2b716874f712f9e95dfd95f2a4f9

SHA1
950f96f970183143f22d583c23e1a00e42cfd291

SHA256
e3007f8c8bcf855f93ef74d94ca8e54bef18ed28d9f42799785c1aa30e4ef894

SHA512
fcc714314be2bc8dc8d413634ac4660a4687ccd93d9ed61cbb09a467d0d8259fa86dd42467be5c37652047f14223c99db7c6247a8d3df4ecbae3ceb2bded6760

Download Submit
\Users\Admin\AppData\Local\Temp\nsdCBC8.tmp\InstallOptions.dll

Filesize
15KB

MD5
d1eefb07abc2577dfb92eb2e95a975e4

SHA1
0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2

SHA256
89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a

SHA512
eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e

Download Submit