Overview

overview

10

Static

static

3

Install.exe

windows7-x64

7

Install.exe

windows10-2004-x64

7

Install2.exe

windows7-x64

7

Install2.exe

windows10-2004-x64

7

keygen-step-4.exe

windows7-x64

10

keygen-step-4.exe

windows10-2004-x64

10

keygen-step-4d.exe

windows7-x64

10

keygen-step-4d.exe

windows10-2004-x64

10

Resubmissions

12/11/2024, 01:29 UTC

241112-bwgrxs1gnf 10

08/07/2021, 12:18 UTC

210708-8z6d5h8z2n 10

06/07/2021, 17:53 UTC

210706-g6we6sa7sa 10

19/06/2021, 18:17 UTC

210619-vr8bj2dzfn 10

17/06/2021, 21:39 UTC

210617-a9cvlnmrbx 10

11/06/2021, 17:26 UTC

210611-wvab1yw2tj 10

08/06/2021, 06:47 UTC

210608-qrbpch3y46 10

08/06/2021, 06:47 UTC

210608-64tndgm1ln 10

05/06/2021, 18:40 UTC

210605-cd6qpr55sx 10

04/06/2021, 11:56 UTC

210604-5c416rs3ns 10

Analysis

  • max time kernel
    1151s
  • max time network
    1157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/11/2024, 01:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Install.exe

  • Size

    497KB

  • MD5

    41a5f4fd1ea7cac4aa94a87aebccfef0

  • SHA1

    0d0abf079413a4c773754bf4fda338dc5b9a8ddc

  • SHA256

    97e95e99fd499ec45a7c1d8683d5731ce5e7a8fb8b710622e578cd169a00d8d9

  • SHA512

    5ca14bda498f26efff4e1179969b8f2c25244063c7bf25f3ec20b5cd24b5be320bbfb8b3d0b2d66f5c5b415da777a766fece5f251a4247773c6cb991417fb75f

  • SSDEEP

    12288:RQi3u03X6m6UR0IAQduaatBEL9QJq4Vj5ZT3IGm9CXZ:RQi+KKHIAQk/eL4q4Vth3IN9CXZ

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install.exe
    "C:\Users\Admin\AppData\Local\Temp\Install.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:708
    • C:\Users\Admin\AppData\Local\Temp\is-TT8T2.tmp\Install.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TT8T2.tmp\Install.tmp" /SL5="$80054,235791,152064,C:\Users\Admin\AppData\Local\Temp\Install.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2372

Network

  • flag-us
    DNS
    global-sc-ltd.com
    Install.tmp
    Remote address:
    8.8.8.8:53
    Request
    global-sc-ltd.com
    IN A
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    99.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    89.16.208.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.16.208.104.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    global-sc-ltd.com
    dns
    Install.tmp
    63 B
     136 B
     1
    1

    DNS Request

    global-sc-ltd.com

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    dns
    74 B
     160 B
     1
    1

    DNS Request

    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    99.209.201.84.in-addr.arpa
    dns
    72 B
     132 B
     1
    1

    DNS Request

    99.209.201.84.in-addr.arpa

  • 8.8.8.8:53
    73.209.201.84.in-addr.arpa
    dns
    72 B
     132 B
     1
    1

    DNS Request

    73.209.201.84.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    89.16.208.104.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    89.16.208.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-OUHBR.tmp\idp.dll
    Filesize

    216KB

    MD5

    8f995688085bced38ba7795f60a5e1d3

    SHA1

    5b1ad67a149c05c50d6e388527af5c8a0af4343a

    SHA256

    203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006

    SHA512

    043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-TT8T2.tmp\Install.tmp
    Filesize

    787KB

    MD5

    45ca138d0bb665df6e4bef2add68c7bf

    SHA1

    12c1a48e3a02f319a3d3ca647d04442d55e09265

    SHA256

    3960a0597104fc5bbf82bf6c03564a1eb6a829c560d1f50d0a63b4772fafbe37

    SHA512

    cd1a0493c26798eb70b3dabb8a439de7792c4676905cad21c6b3f372213ce9f6b65648245defcd36d4f19285160f41c62e1025e772e6b9f11aa126388ea8364f

    Download Submit

  • memory/708-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/708-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/708-21-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2372-6-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/2372-19-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.