0e6a72fd296388a146aeb316e0e91031b7f67969dd877830bcae6c9133590f20

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14-02-2025 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maharashtri.exe
Size

746KB
MD5

7cb23ee1dedd35c01d1cf539667d4d99
SHA1

70f8e5fd9d4a78c78eb38e87c5482c763844a6e1
SHA256

6db4fae76289918ad6c528e7d4d8e36484c2694b6e41775b0a3ccc2499f1b1da
SHA512

df427d412bf8dc224b3c3b83b96a77f7462da670982d75c4c85762b89c97986a934e7b06552d9a4544e1f3ef60e5a743219e49637e41730e6e594f12ce09017d
SSDEEP

12288:OF9OaIXbkkyjCZc0QIwy38SeD83S1dijjXMo3VFjGxnE8UML789zUO9vVOI0emBx:KOaeg3jCZcj+3lRsIj8o3XGxnlGUOdbE

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2808	maharashtri.exe
2808	maharashtri.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\bedvelsens\Reaccelerates.ske	maharashtri.exe
File opened for modification	C:\Program Files (x86)\Common Files\rhesusbarnet\teenfully.bra	maharashtri.exe
File opened for modification	C:\Program Files (x86)\Common Files\infarkt.pla	maharashtri.exe
File opened for modification	C:\Program Files (x86)\Unelaborated.non	maharashtri.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\resources\rothesay\Fallenternes.con	maharashtri.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	maharashtri.exe

C:\Users\Admin\AppData\Local\Temp\maharashtri.exe
"C:\Users\Admin\AppData\Local\Temp\maharashtri.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Pictures\fedtlderstvles.lnk

Filesize
922B

MD5
46d105a9c8a2b357cbc0eb2ef7ada1ee

SHA1
c8592ce5ee2a49da819fad63e754d2a98de26fc5

SHA256
3af69a7fe205dbfd618cb50c5ba7bfcc4056378b728fdd9d67ceea5846426fc2

SHA512
d73f3ec30f71bef61e3abfa07fef95d82b0c35ea97820a1abedbe03e0de6d10eed2eb6b845821a632afc8f02faf5d3a5ed73975eeefa40de7fb27a8c1cd556e0

Download Submit
\Users\Admin\AppData\Local\Temp\nsoFDA1.tmp\System.dll

Filesize
11KB

MD5
cf85183b87314359488b850f9e97a698

SHA1
6b6c790037eec7ebea4d05590359cb4473f19aea

SHA256
3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac

SHA512
fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b

Download Submit