a69bebef3cf47d86c8d9167eafc273a22c3582a1bbff820850397b11b1be7da5

Analysis

max time kernel
145s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 15:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/biclient.exe
Size

223KB
MD5

ac8f7611f353ca9803fad5ff81900678
SHA1

de33325e686c82c12db1f95f39e94ac746f5b5b5
SHA256

ef72a8db980a2c299006b1c32b6ab0a74fd00dfc131c6ae7f13b392adf4159cc
SHA512

75d7d0a106f8cc02cac734e34a4cccd97d814214c397e2c05eb00b95b4ef87d2ce60e368b8d418a9c5b330b239547d1d9555538b6a2c705040a746bdcb320571
SSDEEP

3072:7xOP3+LdB0XczQDfCli9gm3XD/vVev9GGBFCZ2LipO23zkb5c6VsSIVeWr:IOm1QiLVIjCZ2LipOFe7H

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	biclient.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	biclient.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2996	biclient.exe
2996	biclient.exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\biclient.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\biclient.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e968d6b5ed3d0d074d7021afba407cd4

SHA1
5a57a5fc17be021a5faa1c6522c3fab5c35e53b4

SHA256
d1ade0a1d39d4a0a28199728251f4cf27db136dda625e7da3afe4447d063d2cd

SHA512
2851c989aaac3a8a291b32c7534a647e57099972aad53a74a202852d27be71d71473729c1e1e70e6429c6bfa96e25482d6aab51e8f0209c945b85af47fd94b54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9aadd4f4572046a2a7c1a9695cf29c0

SHA1
ddf731dfcc6f59096e98dc80f4a74556cbd387a4

SHA256
c0e39dba645d9143f96300f264ba24e1ade7e3d87a7fa9ec020ec5dde455ed48

SHA512
ae4e334e3e3d0eb08e0fb97a6276059a19716485ca42956cf1a309f420d2ff441babfb5c0666c801ab23c29f9fea0cf885e6353dd9bf74989e67134c6c9e7aee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35573adcf5fc9177469335f1131f88b5

SHA1
e79bc14d9f3212a41f8ac67eef3db2f861dafc11

SHA256
d0f5decd5620d21670b9e954c4ef602775caf59d47ae058e24c062b5ae294742

SHA512
beb33131e4a3df6cb13b2c864981fac4b5085a6f7089dab8db674a155949ae4b09671b8ec07fed9ad95765383de5fbc31ecc0a77eb250fd77d7f3c24191d528e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f018fd837a14f67f47fb9365cca4bc8

SHA1
e1f3e041db3799e1828a3349c240a661d7fb3cf3

SHA256
135f110cb53f59a2dcf3d78ab9a48c63d5968a54b57214b269f8c0f875ae4dbe

SHA512
c32a03c35c8bea66a8f761cd20c227b87434ade7dbd3178d8368824e29b7b549fbeff77c80023716ded15af98ee539f56557856d1e90bd981541a154369d31b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b74ec80ca06bc4d3489740ab62897b0

SHA1
ddd8e8b94a2e5d689b2f8081bc0fb464426132a1

SHA256
13d04225b76111cde2ce546e8481ba63a68e682b47d3677e5e22d07a3d9f6278

SHA512
473e51ec2fec0f1f98b185377be75f9d3ea594a6aedbda2f3b6a28ee9e6edf24b2aee98de02512b735355558830491749e4f7ea6af3cff5adddeda77623497ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a9912a849be24c2b5df93677a83f420

SHA1
f20c3480c61592888b80c6f5f8d7c0eeeddae924

SHA256
c3f51f2e85de10deece1d4a297431da48f56d979e1cbbd99b6c33e1b69c23026

SHA512
67d1478c7f6ebf385b11e17f09025c5bfeb45938d7c7b5a0fd19a1fb805afcca7bbe0daeddd01a39fa7dba9ad8496a37adf151911901846a71ae3238dc594082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10d64cce71e69f91d27dccfcbc12044e

SHA1
f12b943e603592510c4d1d03679321062a7692b0

SHA256
d4fb3ea5c3808dea148baad27fdc47a4b56d1dd7f7c69e7234749fc56b4f95ce

SHA512
9a29431eb98a102c7096fc91ca0a63575341ec10515994447c823d234a7ccf76af41967c489e2e32ead80390c405886dec90c4ee9a534faa5949fca5ab213ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1996594a090f64482b7a4914680dbe51

SHA1
02d7c641e4eb26783cba7e0fadd3911bfa1269fc

SHA256
aa24d919360f49242e7dfbfe3b92414342df15f7d1e88487a3d453a095a4c41d

SHA512
0d6f413e0081bb96a1abd09e4ebd8fd80616a40cf28a0ddead236f7c101b7a772488ba48871706693b626e9991cdfd0004d3a31c14ccdc755ed1262ea8f58022

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE3BC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE3FE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2996-0-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2996-452-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download