5bbe24c99a6d3de6f7084dbc3c3a38251f5460aebe216ce7cecf5f182e41b62f

Analysis

max time kernel
141s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/biclient.exe
Size

223KB
MD5

ac8f7611f353ca9803fad5ff81900678
SHA1

de33325e686c82c12db1f95f39e94ac746f5b5b5
SHA256

ef72a8db980a2c299006b1c32b6ab0a74fd00dfc131c6ae7f13b392adf4159cc
SHA512

75d7d0a106f8cc02cac734e34a4cccd97d814214c397e2c05eb00b95b4ef87d2ce60e368b8d418a9c5b330b239547d1d9555538b6a2c705040a746bdcb320571
SSDEEP

3072:7xOP3+LdB0XczQDfCli9gm3XD/vVev9GGBFCZ2LipO23zkb5c6VsSIVeWr:IOm1QiLVIjCZ2LipOFe7H

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	biclient.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	biclient.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1152	biclient.exe
1152	biclient.exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\biclient.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\biclient.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3d66735cf4de782818c8286178f8877

SHA1
8e794ebe81ff17058da27187d0c1bc8ce1198b72

SHA256
b1f6066de01a6c90e6d69a4f331e8fb649927346b41678a0245af7a75f6a5dff

SHA512
3e9a74437280b3017bf759be7c6bcb1fbe61ac34c3f9c9decb9df520e9136856e57e1732f0d25aafd4e6f6d0c1422692b158296f1141c274849a84043cb14869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
709de022bba44414808b210a27e2c1f2

SHA1
69a41c043fd8e5b0492a64d043a04a72abd54882

SHA256
1a12f7003272110ecaf18ea739a5eb100b12e2415ebcb40fabf4107de31f2ba7

SHA512
3ad5eda9a7b2390c8ebe8ffc0c05b6ecccbf8c1cefd0bd5ecc4bac0ff5e999cd768d856fd0ace39d7390b7a3e74b76b6ce8a77d2af1aa200db89c48e89b88e24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
998b01f04f0e9451bc6ebd8296380ad8

SHA1
fe43a5cb99cb53225e609ee98836611c5b80b989

SHA256
a299d6062610c32f579601c60cc879d58f08ebcc21c3b85fb8869118c78c6f3c

SHA512
ec9c92f3e8d91e558e91b2cbbe2c0ce903cd58e54fb09e66ff326454ce5f6b03ca7486ecc694ac71908bf581be18a35e317aa9f7e1757c62875d1e8eb6aed1ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46be3017ad5462c477caed0900c3687c

SHA1
480a17fed8d722493e7a42bc21dc64eabb16a3ec

SHA256
4550d2956a69c9fd36d075baea7d48f985213e5ae7eaf76b4d549598b9334653

SHA512
e5e8c667303dce023dbf1a0e106d681f483fdfca9cc053880469e5061353612aa22e4e0f1afd9db593b3901ab77477fdbff8e20c57af587301b5dbd763172af8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a14e49f0346e7f72b60b9a14ea97f535

SHA1
f70b6a689256726a4a658438b5f3a7b40e449a01

SHA256
e49b92fab2c1bcbe3c34a95545dbbc90b0b6b98f6417b8796caeff47b8c91fff

SHA512
9438ac5a6a8d663c485219c68113ac59a1e184122cbac9bb04c40f1d4c02f08c38168569c23fc5bb666110bd984733d43bba5f5c8ea3f7af38c7659d16dbc446

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84775c2b7b1f323a218669392b568c5b

SHA1
58eb527bd09140b9c76508a16170161bd6e5d5d3

SHA256
2bc58f5db13d46b182475eb469891e9e56d69370359f9e01d8638f2a130c77dd

SHA512
c2b0f702eb88837c38393161979f4f7cfc0a86f63c105b6e771c44d763c762456c8e155166bc0bfc29ca87e3ad3bf8c816f7baa1258095d7f301154dfde7869d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b68dfd631163a04047b5c53bb65ad77c

SHA1
87796db0749c688388a8a180d1eafafd3e3eaf97

SHA256
f7b07c1efee006a9fd242218f8532ec5e8df6f8c1f18b059d1bb438e43d55971

SHA512
bd3aeb83c8f863097573b04f398033c56573dd25188b25e5280f755c36422a9556325b2f8478820e9926083898ca1fac6af10059627b1f1995f9cfea26255394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67ab74b6166973c285b9d9eebdd42321

SHA1
870815be53f3d3763fbd32d807fe0a6eeda33d85

SHA256
93861da176660eff663cdb9939f700c7d97757c2fe9b678f68d694bd56aa98a0

SHA512
abe862aed4898068e2ef39cc0cc190132fcb7ae792f40126569f336854c052cef7a1a41827af22e750507186f845625ba61c14cff7280e5cf71cc857e17d1394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f8eb9e4b9217b7fb499b7652844b863

SHA1
575f3fa5517a1c49acf9afe9c1a3127d11897595

SHA256
e78c593be54d0ecaed3b397cd27e34132cc0e200fc23adf92b7ecd6c86174ced

SHA512
b5ed36cd085a355932f5dfc10c4db317a9bd8516d5a4b746642cf049416d4490a3845c7c09754871da5a46c78e68ce102785a5a9269ba2333aa6709e5871bb4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE9A6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA06.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1152-0-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1152-460-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download