dc074ad6fcb6a29b76b8da45c84ecb811c3ddcd662d93ec69f0929578c267383

Resubmissions

10/10/2024, 16:18

241010-tr5x3avbrc 10

10/10/2024, 16:17

241010-trhsjavbnh 7

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaSetup.exe
Size

2.1MB
MD5

46252fe1a6423fbbd272b168d98c00ba
SHA1

fd4ede984fea0e0a15f1b03ec1ee7aa7393903cd
SHA256

dc074ad6fcb6a29b76b8da45c84ecb811c3ddcd662d93ec69f0929578c267383
SHA512

ac68428d96d606d87d83f22e31585d3944e83f7cf90a101d685867970d2a6a6df54e6f84daffafb04e7f38bfeb61001291178c30cbfe0ae926995b27045d9592
SSDEEP

49152:RVAbwC95j527tIqUxHzKHhDLsRikQUTsoUq8IcgXzNGLRg9x:3AM7tqxTKHnqsoUq8ajzx

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1932	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1952
- C:\Users\Admin\AppData\Local\Temp\7zS0A7B3C86\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS0A7B3C86\setup.exe --server-tracking-blob=MWMzYWZmMTM5NzQ3NjBmNGUzZGYwOWM3MGQyMGFmYmNjOTVlOWZjM2NhYmI5NWMyZWZjYjg2NjdhNDM2NjFhZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9JTI4ZGlyZWN0JTI5JnV0bV9tZWRpdW09ZG9jJnV0bV9jYW1wYWlnbj0lMjhkaXJlY3QlMjkmaHR0cF9yZWZlcnJlcj1taXNzaW5nJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGY2xpZW50JmRsX3Rva2VuPTQ3ODI2NzE3IiwidGltZXN0YW1wIjoiMTcyODU3NjAwMC43NjU4IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOC4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi8xMTQuMC4wLjAgKEVkaXRpb24gc3RkLTIpIiwidXRtIjp7ImNhbXBhaWduIjoiKGRpcmVjdCkiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9jbGllbnQiLCJtZWRpdW0iOiJkb2MiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiKGRpcmVjdCkifSwidXVpZCI6ImU5MjQ3MWM0LTIwNjctNDk4YS05ZjkwLTBmODBmZTcxZDEyZCJ9
  2⤵
  - Executes dropped EXE
  PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0A7B3C86\setup.exe

Filesize
5.3MB

MD5
d2b32d2ca95b09c440db5f37788a3829

SHA1
d0f5f06b9050ee2cc9202e6eae18349ab1257d70

SHA256
6cab004538645353524008c307f897f76a1b46282ea6761cc88fdd4b6fe3e9ca

SHA512
cc091d48ff9abf5add640bfdf99148b466cfded3cafc8451f87cf3723fd4b7f096e4b518216fbf7482f34167dc8deea5de251fe369bccd28ce2bf56b09163a86

Download Submit