Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 28-10-2024 01:56
Static task: static1
Behavioral task behavioral1: sample Lana_Rhoades_Photoos.zip, resource win7-20240903-en
Behavioral task behavioral2: sample Lana_Rhoades_Photoos.zip, resource win10v2004-20241007-en
Behavioral task behavioral3: sample '''.exe, resource win7-20240903-en
Behavioral task behavioral4: sample '''.exe, resource win10v2004-20241007-en
Behavioral task behavioral5: sample Lana_Rhoades_Photoos.js, resource win7-20240903-en
General
Target: '''.exe
Size: 2.0MB
MD5: 60b42e43178ad0ed1484e4afef56e740
SHA1: 45d484903388cd149f9e2e5afbfe247c90a00031
SHA256: ed0cc4ec1b8de4c0e315f3caa855892f7ace7cccd3b8e98c7589316ef9fd1972
SHA512: 1d397050fe7969993404ee0313ee071ec6a5bd316a40210c72404600057b9a7cca2c78302d28e9f576a42c74ddfec37856b7188c7dd64d173afce043d9b2bc7f
SSDEEP: 49152:4VAbwcf0qplQ9rQ7JC+zQlQTLw9Lqb4tBr9mPrIdq1AT2v:0Aa+lQp85Q59mb47r9mDLm2v
Malware Config
Signatures
-
Executes dropped EXE (1 IoC)
Processes (pid, process):
2544  setup.exe
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
Processes (description, ioc, process):
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  '''.exe
Processes
C:\Users\Admin\AppData\Local\Temp\'''.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\'''.exe"
  PID: 3056
  - System Location Discovery: System Language Discovery
  └ C:\Users\Admin\AppData\Local\Temp\7zS0FBDFAB6\setup.exe
      command line: C:\Users\Admin\AppData\Local\Temp\7zS0FBDFAB6\setup.exe --server-tracking-blob=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
      PID: 2544
      - Executes dropped EXE
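The two signatures above and the parent/child relationship in the process tree can be re-derived from an event trace. The following is an added example, not code from the Triage report or the sandbox: it constructs a trace modelled on the report (PIDs 3056 and 2544, the 7zS0FBDFAB6 drop directory, the ControlSet001 NLS Language key) and runs two small matchers over it. The event field names, the "file written then executed by another process" rule for a dropped EXE, and the acceptance of CurrentControlSet/other ControlSet spellings of the language key are this example's own assumptions, not the sandbox's schema or rules.

```python
"""Added example, not part of the Triage report above: a minimal re-implementation
of the two behavioural signatures the report raises, run over a constructed event
trace. Field names and matching logic are this example's own assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Registry paths that expose the configured system language (ATT&CK T1614.001).
# The report's IoC uses the ControlSet001 form; the other control-set spellings
# are assumed equivalents and are not taken from the report.
LANGUAGE_KEY_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)"
    r"\\Control\\NLS\\Language$",
    re.IGNORECASE,
)


@dataclass
class Event:
    kind: str              # "process_start" | "file_write" | "regkey_open"
    pid: int
    target: str            # image path, written file path, or registry key
    ppid: Optional[int] = None


def executes_dropped_exe(events: List[Event]) -> List[Tuple[int, str]]:
    """(pid, image) for every process whose image file was written earlier in
    the trace by a different process: the drop-and-run pattern behind the
    report's "Executes dropped EXE" signature."""
    written = {}        # normalised path -> pid of the process that wrote it
    hits = []
    for ev in events:
        if ev.kind == "file_write":
            written[ev.target.lower()] = ev.pid
        elif ev.kind == "process_start":
            writer = written.get(ev.target.lower())
            if writer is not None and writer != ev.pid:
                hits.append((ev.pid, ev.target))
    return hits


def system_language_discovery(events: List[Event]) -> List[Tuple[int, str]]:
    """(pid, key) for every open of the NLS Language key."""
    return [(ev.pid, ev.target) for ev in events
            if ev.kind == "regkey_open" and LANGUAGE_KEY_RE.match(ev.target)]


# Constructed trace modelled on the report's process tree and IoCs.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TMP + r"\'''.exe"
DROPPED = TMP + r"\7zS0FBDFAB6\setup.exe"
LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"
TRACE = [
    Event("process_start", 3056, SAMPLE),
    Event("regkey_open", 3056, LANGUAGE_KEY),
    Event("file_write", 3056, DROPPED),
    Event("process_start", 2544, DROPPED, ppid=3056),
    # Constructed benign registry access: must not match the language rule.
    Event("regkey_open", 2544,
          r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"),
]


def run_signatures(events: List[Event] = TRACE) -> dict:
    """Map signature name -> list of (pid, ioc) hits, mirroring the report layout."""
    return {
        "Executes dropped EXE": executes_dropped_exe(events),
        "System Location Discovery: System Language Discovery":
            system_language_discovery(events),
    }


if __name__ == "__main__":
    for name, iocs in run_signatures().items():
        print(f"{name} ({len(iocs)} IoC)")
        for pid, ioc in iocs:
            print(f"  pid {pid}  {ioc}")
```

Ordering matters in the dropped-EXE rule: the file write must precede the process start, so a trace that records the child start before the parent's write (possible with lossy or out-of-order collection) will miss the hit. A language-key open alone is weak evidence on its own, since installers and localised software read it legitimately; the report's value lies in the combination with the drop-and-run chain.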
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 5.1MB
MD5: c3ad19d69141fa707540087edc297679
SHA1: 0bba92b6e3371770989ef3597a9192d16b4feae2
SHA256: ff7ac32388dbd9ad3ef945b0e71518c2d869b9d9cc8fbbd14d3b0665850b0933
SHA512: 28648a5c8c44def983cbdc4f6b48dc97d5fbda2a2f8ac3d93f85476f3492bc18986be97a5954e27fff1206779736b0ed90df1a04c35f30e1c182b6435cf33f2f