74f2d815f96a2bca3c01865ba7a59de25327e3a6832f0de85255480d5d3544f7

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_SetupPoker.exe
Size

522KB
MD5

39fdff70bc8f75aa493cd9788694ed68
SHA1

c59cdafb05ba1399e36e33c0f29dbd66056bf005
SHA256

168bd95120fe66b37d0bc73c3bbe9639df0209f400c671287f552b09b8f5cc98
SHA512

d6a3bceb19130d804c93a85e41b9c697c6d53b04504174b6d4788a8d14f8c263c9fd3836c5920c6cabd674fd912a35c1fddf2f78e7549df4930abba8c5ff8205
SSDEEP

12288:6Y4R5y5Yc6RT2EWb9cs0ArL2/uJbVE6Zh1M:6c5889x0zGbVPZh1M

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2088	_SetupPoker.exe
2088	_SetupPoker.exe
2088	_SetupPoker.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_SetupPoker.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	_SetupPoker.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2088	_SetupPoker.exe

C:\Users\Admin\AppData\Local\Temp\_SetupPoker.exe
"C:\Users\Admin\AppData\Local\Temp\_SetupPoker.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\pts891D.tmp

Filesize
84KB

MD5
d0712e87bc38803c056a1e6d9cb94991

SHA1
af48fb5730096afae587cff42ac07123c8d33616

SHA256
94000d672fa1761ce14833d2aae194703419e5d191b6220ed15de8c257bfe27b

SHA512
2c9d72ce4ce8da55d487727d75e3fb552dd28643ac81a36caf0137860149ec1b97273d5d41dfd56f20f11526d5fb20e2e38d0af6176199b1147ab97d00d10dc3

Download Submit
\Users\Admin\AppData\Local\Temp\pts893D.tmp

Filesize
80KB

MD5
eaf652a0218c10896b5fb5b8158eddda

SHA1
aea78e701a29fa1197c19dd2ad40e4d76d8f3f69

SHA256
9eac9454194d407cb6204cdbcb0678db0cf4df918134901e17675e85ce13d21e

SHA512
20dc21c963285ca783944caf40c2e87a00aa6c250a9878fa1f6908d44f78857194831c474225d70113f57ea6992c26365dcfbb86af9371e1bd2c101e6374ca11

Download Submit
\Users\Admin\AppData\Local\Temp\pts893E.tmp

Filesize
80KB

MD5
beb2b5d1bf16ec3bd121133cd7ea9b8b

SHA1
91e9141841105c4e9fec0260cf009ead71cdec73

SHA256
a3a7ae0e574d82e6f5727c2ee6acad31cae9ca00428430d879dc8b68e896b418

SHA512
d0381239cd1ed846e78ca2a84c43a704905f6d97503d17daa3ede01c93298cdf15799cb0108ba9940764351fbb9be65966bbda0a976d90596309d120ed85c9ef

Download Submit
memory/2088-0-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2088-1-0x0000000000AF0000-0x0000000000C80000-memory.dmp

Filesize
1.6MB

Download
memory/2088-2-0x00000000003E0000-0x00000000003E2000-memory.dmp

Filesize
8KB

Download
memory/2088-8-0x0000000000590000-0x00000000005A5000-memory.dmp

Filesize
84KB

Download
memory/2088-12-0x00000000005B0000-0x00000000005C5000-memory.dmp

Filesize
84KB

Download
memory/2088-15-0x00000000003E0000-0x00000000003E2000-memory.dmp

Filesize
8KB

Download
memory/2088-14-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download