Analysis

  • max time kernel
    151s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2024, 15:14

General

  • Target

    Saphire 2020/sapphire-ae-install-2020.exe

  • Size

    297.4MB

  • MD5

    ff47deb371df4df172ec081174fd1cd8

  • SHA1

    3a285eae44b9aba262a8767dec213ced448ac84b

  • SHA256

    58de0e82ce65666882f1d5e9db2308396928b339c9e57f0f8319a5b7310f13d3

  • SHA512

    312b490caf81f244f124dacb034b8af5a8d9a82e2041cba68c8015718d1331522efd388d3f5082c8e1c024d4b33c511dc80fe2b52bfee80b9a35de1529a0f594

  • SSDEEP

    6291456:mg2WHJ+25BFfj5MI9C1y7XbMJlYe/jb4t5pRDC4QB:mtgMwjh9p44ajbW7Y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Saphire 2020\sapphire-ae-install-2020.exe
    "C:\Users\Admin\AppData\Local\Temp\Saphire 2020\sapphire-ae-install-2020.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Users\Admin\AppData\Local\Temp\is-GJL16.tmp\sapphire-ae-install-2020.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GJL16.tmp\sapphire-ae-install-2020.tmp" /SL5="$10006C,311369936,61952,C:\Users\Admin\AppData\Local\Temp\Saphire 2020\sapphire-ae-install-2020.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3784

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-GJL16.tmp\sapphire-ae-install-2020.tmp

          Filesize

          701KB

          MD5

          6fea6308725988aa64e5dcb7ba3ce7a9

          SHA1

          a4df4e87a40a70611c7feaf5f5cee2447cbd4593

          SHA256

          5ea873ebfe31e4ad55a94518142c0676ad364f7af9f823b8ba7d190a05665c7d

          SHA512

          e5e2b1481f2f56e449280694c962ef768943dd4dcec0bec668debb459eaa98572bb7cad3c3a79a4bf21536ae9494e6548e3735f0a6d7afe020f279d2d3a345a3

        • C:\Users\Admin\AppData\Local\Temp\is-QMTBO.tmp\InstallerTools.dll

          Filesize

          301KB

          MD5

          989041ab8749490676a1c8f90163677e

          SHA1

          e510ec121ee7be358fe4e2676295a04618dc3141

          SHA256

          e832f02887e090e79bf401ecd5c272fb4b47caa5eb86d5942c64e1a6d4d8fec1

          SHA512

          0fc91e7e429a2ab3ca1144a1bd9d635a46cbe406824e2e224a370cbf88d149572b3b15526cd2806ed0e8d53522fdba4c842eab2abd86ff5a390b1e6b1429db43

        • memory/2592-11-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2592-1-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2592-2-0x0000000000401000-0x000000000040C000-memory.dmp

          Filesize

          44KB

        • memory/3784-20-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-24-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-14-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-16-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-18-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-6-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-22-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-12-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-26-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-28-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-30-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-32-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-34-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-36-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/3784-38-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB