1e1c525a8ed56cb71f20d622a70f319b400c7160b896d6e381a516d2e0ddcdea

Analysis

max time kernel
12s
max time network
113s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e1c525a8ed56cb71f20d622a70f319b400c7160b896d6e381a516d2e0ddcdeaN.exe
Size

846KB
MD5

013e6e0e0a480de1d27161501dde63b0
SHA1

45122ab717d583446ac0feb54ad8ef85391a3008
SHA256

1e1c525a8ed56cb71f20d622a70f319b400c7160b896d6e381a516d2e0ddcdea
SHA512

bb60b1aff03549d4d02289d9f4317f9ec731df2d306aff8c8238832cc87bf7790639feed7bf21d32766b47795f4cf08d259f1027b56ca1d2d5ec96c76640385b
SSDEEP

24576:hwoUwpWjN2Mp6Qkt1BIq94BfIeqZGx6JU909cNN:CorptMpqQqmlIeqs87W

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1984	1e1c525a8ed56cb71f20d622a70f319b400c7160b896d6e381a516d2e0ddcdeaN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e1c525a8ed56cb71f20d622a70f319b400c7160b896d6e381a516d2e0ddcdeaN.exe

C:\Users\Admin\AppData\Local\Temp\1e1c525a8ed56cb71f20d622a70f319b400c7160b896d6e381a516d2e0ddcdeaN.exe
"C:\Users\Admin\AppData\Local\Temp\1e1c525a8ed56cb71f20d622a70f319b400c7160b896d6e381a516d2e0ddcdeaN.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x53c
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\oc_A1DB\Start.htm

Filesize
23KB

MD5
f8788ffcc2607063f10712c5fc2d2cd6

SHA1
14418004d28437f5f0d2af9d4bfe3c59e2c945ca

SHA256
f6d251abc890fc45f115796df4ed9491bab5ef900bd2bc89aae1fdbf10e2dfda

SHA512
3fdef980ab3a508bca3603c45b755ceeb240ec1e097e87ee13ddfe21c90655454956c054ae1745c446a5b7cf320023a3f83712d3d0e07a2c2f7a3cf4a04ad896

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_A1DB\apnanalytic.js

Filesize
10KB

MD5
43c6232dbb2ca82cd4b95cdc1d60151f

SHA1
eafd9eba6e99a37f761921ca2352a4bc1824c59d

SHA256
a27cf8ffa3ca3e1d4e95ce74c97a15dbf95f482e3ce2d08c7e12ce3c2d125ad8

SHA512
6b2c2399100b02dc6ea7e59a201722d9459f20cbd0c9d70d9b6638a7246668e87a68367e71d632e744347babdcf160647d208a1ea80aad78f71dbd4286beee6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_A1DB\download.htm

Filesize
29KB

MD5
e1d1ec2a3e1505e60f0cfe9a20b054d9

SHA1
9b2d6bccb72b9f91ce38a6bce055e02aded37fc8

SHA256
e0890ea91628b0feb3ee66e0ff0acb865e38e308c9cc4849fc8a61142b3916a3

SHA512
876984c9d29b7a448083f92cbd15cb07a87a5179f6338b21c51dd3fe043b6f095272d0c22d82247c5b9bd7ddc2f0b7fa987a56575504f360e61fcbb8bb5f3dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_A1DB\masterrule.js

Filesize
69KB

MD5
8ba4ef9e5b52d5fd9802a389ea9b3a76

SHA1
3ba73cf029f08c3ce00b4ce08c8dad07943ca1ff

SHA256
36f2ff3ac4724eb5e04e09e0c9209cb1f19d42a4f129e88d88564f4a389a3355

SHA512
cc92a5f1a0f58a85566ae29f0de68b26acf67501c82748a68f91045ad8a2226a10f788e69e8b65d15b17a25cbbf66ad8118a22598f7397c1a66c794b7ac5df5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_A1DB\offer2xtemplate.htm

Filesize
90KB

MD5
64ec9a3b354dea05a2b353c5890b82b2

SHA1
00f3727be1652f4d9924da405d2543b2433bdf6c

SHA256
45e07d4321d392fce26104bf818d3dc314d4b90683fa1f3643715a63ce9c0132

SHA512
2eb831f5a1d8e7df681b8e227fb7d5f2c65306088fa52a6f93e3bb41e31ab92a431a6dc5bde8255f30aa754ae8837ef0af7902be11fc0b9e03bc80dabc17553e

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_A1DB\offerlist.js

Filesize
10KB

MD5
06cdeda39c9fe39e3bf12e75502f86fe

SHA1
1f1433d4f98387066959864ced8ea18bee29408e

SHA256
4202defc65d340687cff88a0d754167c9cd8ea4ac6fc9044ff47458d2ceecdf7

SHA512
344383917c33d6998712675dcdf347dec53553e28112963ee94107e49f494e44175ea06932d091f476b5e77421f3f63cc549a155dbe1fc4270c992d1716cb5ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_A1DB\orchestrator.htm

Filesize
111KB

MD5
f4e2c3a7d924306182a6c1e0d5c5c941

SHA1
8cfdcee922257865ac30acf301ff5687efccbec7

SHA256
7bea6a8263900ae8271b1592003e7c41f01f8f382ac65a2d17cda09e75632eca

SHA512
9124871711954e6ff2d25d63658867f3c1be3c03e31fce3896c9230c8ab103be739ee529d4c0dcfc7f671aac94bc3e8ed53bdf90d0cfce4de376315328b24d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_A1DB\prefetch.htm

Filesize
3KB

MD5
e5f229160bae9f0ef953a705df2d1cce

SHA1
941e04d3c9f6db288a0669a2da9c6130fa9c13df

SHA256
1ccfc90b0bfb94d427cbc4c95cfb9543a0ced5be62a5687f42f316b74cc6d8c2

SHA512
1c916e50c1276b809fa2e787dd2467538a6ab08447b9c794918cdc3451311d9bef8ba5e548205ea298f90796114c3b30f25ad213c0ce1e52bb027e892ab9d34d

Download Submit
\Users\Admin\AppData\Local\Temp\oc_A1DB\OCDLL.dll

Filesize
1.0MB

MD5
7c79dd502778e501756ddfc1ca7ce88a

SHA1
3239d08dfe81a87f9470d030794a063616fb3123

SHA256
913add6fbd8fe266de36a069229cbddd9e3d8020f0eff70d9e8590daac73c34b

SHA512
592c3104f4e1b6c5c89407d567ebb650a2fb5457d14aeff73143ff8d90fcf6492277b4b00d4ba47d83703b41c8c587e4d75bb07d28c4ba9861ae8ba901081bce

Download Submit
memory/1984-69-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/1984-196-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download