Analysis

  • max time kernel: 163s
  • max time network: 38s
  • platform: windows7_x64
  • resource: win7-20241010-en
  • resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted: 31/10/2024, 15:14

General

  • Target: Saphire 2020/sapphire-ae-install-2020.exe
  • Size: 297.4MB
  • MD5: ff47deb371df4df172ec081174fd1cd8
  • SHA1: 3a285eae44b9aba262a8767dec213ced448ac84b
  • SHA256: 58de0e82ce65666882f1d5e9db2308396928b339c9e57f0f8319a5b7310f13d3
  • SHA512: 312b490caf81f244f124dacb034b8af5a8d9a82e2041cba68c8015718d1331522efd388d3f5082c8e1c024d4b33c511dc80fe2b52bfee80b9a35de1529a0f594
  • SSDEEP: 6291456:mg2WHJ+25BFfj5MI9C1y7XbMJlYe/jb4t5pRDC4QB:mtgMwjh9p44ajbW7Y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Saphire 2020\sapphire-ae-install-2020.exe
    "C:\Users\Admin\AppData\Local\Temp\Saphire 2020\sapphire-ae-install-2020.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:604
    • C:\Users\Admin\AppData\Local\Temp\is-2TQLF.tmp\sapphire-ae-install-2020.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2TQLF.tmp\sapphire-ae-install-2020.tmp" /SL5="$30156,311369936,61952,C:\Users\Admin\AppData\Local\Temp\Saphire 2020\sapphire-ae-install-2020.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\is-2TQLF.tmp\sapphire-ae-install-2020.tmp
    Filesize: 701KB
    MD5: 6fea6308725988aa64e5dcb7ba3ce7a9
    SHA1: a4df4e87a40a70611c7feaf5f5cee2447cbd4593
    SHA256: 5ea873ebfe31e4ad55a94518142c0676ad364f7af9f823b8ba7d190a05665c7d
    SHA512: e5e2b1481f2f56e449280694c962ef768943dd4dcec0bec668debb459eaa98572bb7cad3c3a79a4bf21536ae9494e6548e3735f0a6d7afe020f279d2d3a345a3

  • \Users\Admin\AppData\Local\Temp\is-M6HIB.tmp\InstallerTools.dll
    Filesize: 301KB
    MD5: 989041ab8749490676a1c8f90163677e
    SHA1: e510ec121ee7be358fe4e2676295a04618dc3141
    SHA256: e832f02887e090e79bf401ecd5c272fb4b47caa5eb86d5942c64e1a6d4d8fec1
    SHA512: 0fc91e7e429a2ab3ca1144a1bd9d635a46cbe406824e2e224a370cbf88d149572b3b15526cd2806ed0e8d53522fdba4c842eab2abd86ff5a390b1e6b1429db43

  • memory/604-13-0x0000000000400000-0x0000000000416000-memory.dmp (Filesize: 88KB)
  • memory/604-2-0x0000000000401000-0x000000000040C000-memory.dmp (Filesize: 44KB)
  • memory/604-0-0x0000000000400000-0x0000000000416000-memory.dmp (Filesize: 88KB)
  • memory/2968-23-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-27-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-17-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-19-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-21-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-8-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-25-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-15-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-29-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-31-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-33-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-35-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-37-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-39-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)
  • memory/2968-41-0x0000000000400000-0x00000000004BF000-memory.dmp (Filesize: 764KB)