54d10d33a0bab13f06576b0651cee2b5cc46f4f145b6f71ac06675a74e31c19e

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.PUA.Hudun.22899.8587.exe
Size

62.7MB
MD5

ae1384fca7755048d9e1b6e3a95ed6ef
SHA1

5b8dda55b6f67b9f0c855dcfb733a43f8b64ef0b
SHA256

54d10d33a0bab13f06576b0651cee2b5cc46f4f145b6f71ac06675a74e31c19e
SHA512

b27fa95078d7ab737933aebcb0bea4a9c8b05dd910636780023722b63ab31c51eecc5fb9c03e67b75c14bd7ef77d629cde70a0f00cc33473cc2495cc45a645f4
SSDEEP

1572864:ye6DoHqWbcuCy7M+Z2WgWHgbOejOHGhyhIHtfGB60VBbFiE:yeOoHzIQXKAhejneetuHbFiE

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
2440	SecuriteInfo.com.PUA.Hudun.22899.8587.tmp

Loads dropped DLL 5 IoCs

pid	Process
2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe
2440	SecuriteInfo.com.PUA.Hudun.22899.8587.tmp
2440	SecuriteInfo.com.PUA.Hudun.22899.8587.tmp
2440	SecuriteInfo.com.PUA.Hudun.22899.8587.tmp
2440	SecuriteInfo.com.PUA.Hudun.22899.8587.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.PUA.Hudun.22899.8587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.PUA.Hudun.22899.8587.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2440	2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe	31
PID 2540 wrote to memory of 2440	2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe	31
PID 2540 wrote to memory of 2440	2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe	31
PID 2540 wrote to memory of 2440	2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe	31
PID 2540 wrote to memory of 2440	2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe	31
PID 2540 wrote to memory of 2440	2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe	31
PID 2540 wrote to memory of 2440	2540	SecuriteInfo.com.PUA.Hudun.22899.8587.exe	31

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.PUA.Hudun.22899.8587.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.PUA.Hudun.22899.8587.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\is-5KPEA.tmp\SecuriteInfo.com.PUA.Hudun.22899.8587.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5KPEA.tmp\SecuriteInfo.com.PUA.Hudun.22899.8587.tmp" /SL5="$40016,65330372,414720,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.PUA.Hudun.22899.8587.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\CheckBox.png

Filesize
1KB

MD5
b7d4c7fd2e1d5fa7fce1a8a8a1581b9d

SHA1
853b4cf14ebdfe23312ed19fad567f7d08560151

SHA256
f944f62d64956e63105fc2645c878901c447122060c20c22f4e6eb929c26cfe5

SHA512
3bf1a5b1a799cacae3d5075affec8edaddce58a46cbbbaf88118d64b1e6b64ff8bdcabfa5c2b63086a35414bbd5230756fd52807fa0df9a5bdefc880d44bcb13

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\CloseBtn.png

Filesize
1KB

MD5
96e7e5849af19a2b5626df65771d2e9c

SHA1
92dd1e54622ec3e0757d5112ab6176f39170d382

SHA256
910a3b79c743b30f61df1da9c85d466915ceb31767c5e6ff315b332c8f57bfad

SHA512
5004e68ba1dcbb866ad90027b33dbabea5ced2810cfcffa53c0db6d0b7bc82304d9303c929aa43d4b32a0495af531343b86f4ab6a022dbba0354b76a1b7e5d30

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\CommonBtn.png

Filesize
7KB

MD5
593394f776971eadde458a1d05ac611e

SHA1
61e4b3f48b676fc89a6eff4b1fcaf1788fa8d9d6

SHA256
ee9a06d34a7902e91445515d93ef03d8a9f7242c5385a0beb108bc6f33b43e4a

SHA512
daf96c6ff639144c5a755b7d4895ad89d3972a1107afabb4eed17724e608cbd0e80971ad26effb36583506275fbbe61cb3e0d67ca4aca330e7a96ba49da4c262

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\FinishBtn.png

Filesize
20KB

MD5
9598c5668212128dd03cfe75f407c4e5

SHA1
06809be1d43850ab21785c3272a6202fd13ccc61

SHA256
8d05cb51ac9a413115c77f80233124819abd9412c55f2dc8789ac2039d41191c

SHA512
d728139018a45d4b32f340fe91f9477d97f1f673627b018c81bdf623a9270a71d56f472ec110ddd02c6766217979c61711ab26fb731196a3c45d71499466a38c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\MinBtn.png

Filesize
1KB

MD5
0348efb1cb0d30dff711e4700398fd15

SHA1
4e5b7b72969ac62e0ae6032930bb71367a8e2258

SHA256
48bc6e1264b4aaacdce930d8fa19a9dc6f1975bc5e57188a342e1ae5b9731eda

SHA512
8a0aa1bfbe379d212a4eb3b834464a379cc4d63784729241203a532354b55acb810f2d8a3d743daeee24137cdad56a0a029f370868fd3bd0c7633c0d493c3b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\ProgressBackground.png

Filesize
3KB

MD5
7f603f018af24a2ffa8b22d9128dd97c

SHA1
9206b68df644238ca730f676ab48a4672a860955

SHA256
73fe481bcf70c98ccedf06237183da9c2f5ffe6ef1a2ee77cbf21d24c17b009f

SHA512
df80273ecc5d244f17541f7e3230b7e05d43c17edcef9e1ea9fa79ac74bb6d88d156cc650314a573158f28a57195e703752c0161c3bc201814e8ce5c2e012e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\install.png

Filesize
20KB

MD5
f1cceb528bfc25d1dd6dba7f09fdc4e1

SHA1
d738ebc349fbec4f3d073a3a456e0a8a53786cea

SHA256
9dbb6fa024d10ad210bd8e2aff7cdc0a58455c529cea70e3e744c31cb59b36b5

SHA512
e9a8a0c9e17ce002e3e28effb1fcdd3c07b855c3c3adece7bc21607e0d2bd458062ae4914d197ca2e4ccb7656c5fa626512db8bf509851345396171fcea03394

Download Submit
\Users\Admin\AppData\Local\Temp\is-5KPEA.tmp\SecuriteInfo.com.PUA.Hudun.22899.8587.tmp

Filesize
1.4MB

MD5
0185e7af0da33b6f0ced989c7009bdb1

SHA1
e9c3c3ee90cc86c9b7c30c7440adbdbbfc20ef2e

SHA256
f0e538dc1e8c8b13b574172531694fb413752cff9447f294004b213a97d70b07

SHA512
190e0124bbad7f67220777748391c32e369273240714cbbb3f865b16ee7ee83065d871435453a209ca92884147ed241b04efae2f50a4c8e08a41453b9f09cc50

Download Submit
\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\botva2.dll

Filesize
32KB

MD5
295832fa6400cb3407cfe84b06785531

SHA1
7068910c2e0ea7f4535c770517e29d9c2d2ee77b

SHA256
13e372c4d843603096f33603915c3f25d0e0d4475001c33ce5263bfcd1760784

SHA512
50516f9761efd14641f65bd773cfdd50c4ab0de977e094ba9227796dc319d9330321c7914243fc7dc04b5716752395f8dac8ccdfdb98ba7e5f5c1172408ce57b

Download Submit
\Users\Admin\AppData\Local\Temp\is-6OOPC.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
memory/2440-61-0x00000000054B0000-0x00000000054C5000-memory.dmp

Filesize
84KB

Download
memory/2440-36-0x0000000001EF0000-0x0000000001EFD000-memory.dmp

Filesize
52KB

Download
memory/2440-8-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/2440-113-0x0000000001EF0000-0x0000000001EFD000-memory.dmp

Filesize
52KB

Download
memory/2440-115-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/2440-114-0x00000000054B0000-0x00000000054C5000-memory.dmp

Filesize
84KB

Download
memory/2440-117-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/2540-2-0x0000000000401000-0x0000000000410000-memory.dmp

Filesize
60KB

Download
memory/2540-0-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2540-111-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download