9645096bc9e53a83a9aaa69a13c82fea38c8719faf27298afd25892bd9f788ec

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/02/2025, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01NEW_PURCHASE_ORDER_654576554.exe
Size

969KB
MD5

f9538485432d3ec640f89096ba2d4d00
SHA1

b050b847b1fe8be78d56b29bd23c25e05c227a92
SHA256

5d695d8a0bb1d919cc77a2aa2488a61797bfa065238160278ee458120630aaf9
SHA512

ea7aeedd15f4d6a6005f8cfb7d404dfb0c302c837e48de7e3ff44d7d5908f8de6c0a81f736d874a491eddc89fdf753976be6f635e7e8512f5abb7f32caa8cfc5
SSDEEP

24576:oFZAiQHDhht8m7FpUi1L1OXJz5zzz3zzzozzz3zzzNz:CZAiQHlhtz7FpWdwz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\01NEW_PURCHASE_ORDER_654576554 = "cmd.exe /C start \"\" /D \"C:\\Users\\Admin\\SystemRootDoc\" \"C:\\Users\\Admin\\SystemRootDoc\\01NEW_PURCHASE_ORDER_654576554.exe\""	01NEW_PURCHASE_ORDER_654576554.exe

C:\Users\Admin\AppData\Local\Temp\01NEW_PURCHASE_ORDER_654576554.exe
"C:\Users\Admin\AppData\Local\Temp\01NEW_PURCHASE_ORDER_654576554.exe"
1⤵
- Adds Run key to start application
PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\SystemRootDoc\01NEW_PURCHASE_ORDER_654576554.exe

Filesize
969KB

MD5
f9538485432d3ec640f89096ba2d4d00

SHA1
b050b847b1fe8be78d56b29bd23c25e05c227a92

SHA256
5d695d8a0bb1d919cc77a2aa2488a61797bfa065238160278ee458120630aaf9

SHA512
ea7aeedd15f4d6a6005f8cfb7d404dfb0c302c837e48de7e3ff44d7d5908f8de6c0a81f736d874a491eddc89fdf753976be6f635e7e8512f5abb7f32caa8cfc5

Download Submit
C:\Users\Admin\SystemRootDoc\35cf1b00-0844-4d60-bbf5-aca4c72f72cf.tmp

Filesize
242KB

MD5
541f52e24fe1ef9f8e12377a6ccae0c0

SHA1
189898bb2dcae7d5a6057bc2d98b8b450afaebb6

SHA256
81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82

SHA512
d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

Download Submit
C:\Users\Admin\SystemRootDoc\7084b9b2-0a8b-4e45-ad57-83689d090a2c.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\SystemRootDoc\ASPNETSetup_00000.log

Filesize
4KB

MD5
e1b447315fe6190db5c018eca1aed21f

SHA1
4cf5951a324a286a207a616c0330c36b9b04fb66

SHA256
ad5789ef667bdd9d143bcb30cff0fe59b77c6c03fd27e384fb84e71220880ea0

SHA512
28d60151d5c1f12523eaaaa89a28355ace63758694981bee493eb9960b96dd345a0c1fdc9d4b0a7b4816ff60c5901f520b8a9c76e12b223523775c3e55c3dca4

Download Submit
C:\Users\Admin\SystemRootDoc\ASPNETSetup_00001.log

Filesize
2KB

MD5
14b6011f9c094b46ac70a86320f65fa1

SHA1
0568e4a6dcc565712870315587c3bc06ccf2ca7d

SHA256
c2f9d438a13ce8dfaa56e43e9c19f9b123785605e4c8c15f5824820b940f0463

SHA512
04028e43b68aae4d33bb11c98338ce4d32e4bdd3b53e17b0e60cc503f869acbd245b79ddd300524f8fff7a06be3adc7db518988e37dba4793a1f11cdd1012d94

Download Submit
C:\Users\Admin\SystemRootDoc\Admin.bmp

Filesize
48KB

MD5
343fa15c150a516b20cc9f787cfd530e

SHA1
369e8ac39d762e531d961c58b8c5dc84d19ba989

SHA256
d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524

SHA512
7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57

Download Submit
C:\Users\Admin\SystemRootDoc\JavaDeployReg.log

Filesize
4KB

MD5
612a650d1c773ee52d62546e66ff5918

SHA1
a7479722bea44f8719b651ba69aa337d60da4290

SHA256
9e0774deea09130ce23833cc3f0118e8dd06750e3570a230b199c87cdf354c00

SHA512
5882a9d5340d0197c660d0774f22a82f03a0fc73d14476c47d3ab86dfea8f80850bfb8af7a9433b120f4728da4889083086666145b3e2390966e6816ad981483

Download Submit
C:\Users\Admin\SystemRootDoc\Microsoft .NET Framework 4.7.2 Setup_20240903_051515516-MSI_netfx_Full_x64.msi.txt

Filesize
12.7MB

MD5
2bad8ec77b69a026cc0e0b5e8ba2ade2

SHA1
e2d3f7c6346bc6015d306c8ed0f05847548d28dd

SHA256
2ed384521421a8922e556977d68f92794d9f4b95e9bce2818b47d5d2af1117d2

SHA512
be142913b4ecb78584822ceb745aa16f18e3faa166e0b778c8fa624c1d9315a9a762bd09bbb9005ad1744e77bea0b716c23bfdfbdec055e86c538b8eb14ae092

Download Submit
C:\Users\Admin\SystemRootDoc\Microsoft .NET Framework 4.7.2 Setup_20240903_051515516.html

Filesize
1.1MB

MD5
37f57b78542705c2f77f44fecfd5cbe3

SHA1
bcada7c59cf447cdb134175d4ac2893efed3baea

SHA256
f730e28985d750b8fe4ee6f04e43c9b6a872724944726d83588d0189e44b3176

SHA512
9080fa63827074f157eda6984f1e1da64dca72aa446eecee7c8b27c3c9a4b6a4fe0351a0e3e761a436fef3c71b3f6887392f870a2c8f3b1ca731f6abd183c716

Download Submit
C:\Users\Admin\SystemRootDoc\chrome_installer.log

Filesize
4KB

MD5
f65995e4a9d866ec23e624ad785b69f9

SHA1
e17140ed64a92f4a0409608ef257e7c62650a9fb

SHA256
4c6ae1a1256f364a4090534f0698d2937f0d85d05d5ff2d1dd708247b3948d05

SHA512
cb0e2e1e5a914f0d373bec303872b591fec20d30e750defe61f30544db8cd0ea3240b89497fba576bb2ea755a13e27db40f8ba4f721b770809e1f5977331683e

Download Submit
C:\Users\Admin\SystemRootDoc\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
5e9c1d8713183f342652313ef9423750

SHA1
e835674bc08769289808b6370c04aaf646b764a7

SHA256
682abf45442a24b7a8ab058e06b71463d858b73993ba092be7e09744f5cf1dd7

SHA512
c421fccf77b3123db54ac2cf8b63a7791881095377701bc485de2383644371e8f826782dfa94c012ea8f8fc09c8f6b82823b00377b40d70ede23ae23f1caf95d

Download Submit
C:\Users\Admin\SystemRootDoc\dd_SetupUtility.txt

Filesize
2KB

MD5
8cc03aa2c4261f232cd3a893010668ac

SHA1
1a23d898fa4b463cb1d31f9460c9e43ac09a65c2

SHA256
a4cf248de39290e7e82e82c64072c4a9fee336084490dd03958f589871f08f14

SHA512
e7e97d7182dba29fac40fb5ec030cd182d2b3f6c4b6ef19539d92b69940c711d15dae4b13587327304d83a234191401da5008b58fa269d237479cca6400df470

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistMSI1DEF.txt

Filesize
423KB

MD5
730fc5842a40fe5844971ac73e3904ac

SHA1
bd5b517d1083b2ff6ebd80d57871a3fa2b5befd3

SHA256
9753236fcb67301a4646f6ea0d7eb0f7284545074050fce385ef8c877fdd81b8

SHA512
dc08a043122c65d4d4f74b49a381c126c8b1ea9472041b47abc47ac27a14140a84841a2b76133ab90a14e0721f5e85bf1e0f98013c64855dac3106c3349d6d8a

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistMSI1E26.txt

Filesize
410KB

MD5
155178762de35f50c1409a21cb1c14a2

SHA1
d7cdaee02d65a5b119e89ad1e52eff783a776949

SHA256
319630061c62a5b176d33f56cc45a664c587a082900b8c6e20d0c0a63ea49129

SHA512
b9b24bbaddb64ad512ab1079514e44d616b7f3ff1112a98a9a023966549be8976e85b8aa99029d802fd64419efa937614c6b583118f0abf5335fdae50f220250

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistUI1DEF.txt

Filesize
11KB

MD5
e9286642ae851c3ae28308a6052580e7

SHA1
2553a9ae0f295ac330e432029fe9888e97e73bab

SHA256
6f81ab8edab7de5ee9a920315b5b990847a211047089c6c3910dc725ade393aa

SHA512
7b16e3c018291ec8bcb90ad6a80a36e08ad5d537f1b6597578f5b07184d0fe6366aef773b0dabfbf8da5c94f87cbecb4c29eeec8d6e56a31cbca4a0b4b8f5db1

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistUI1E26.txt

Filesize
11KB

MD5
2e1fef2be0c70151fa8ff47a96c0269a

SHA1
4beeed2fb12069c1de3816c173c5764339ed4463

SHA256
64d31600a576634ed8b2aa8b4dead47635cb733f242945894dadfa95a8dc9f44

SHA512
8b55a376151b2d4c586d31c6d566db85b429f6e520732d31d52b757f405a197fe0765d3089de1c2d039e3986ec8fdf8a85e7ea411d1c044d48fb524000b10f67

Download Submit
C:\Users\Admin\SystemRootDoc\dd_wcf_CA_smci_20240903_051527_762.txt

Filesize
7KB

MD5
764e20e0128011e6e661e35a412646cf

SHA1
f3441c61fbcbb78d3ccad359493565209226ba94

SHA256
3ef277e19c3bb92f13cd6c127c5da5da912f5a64ea4d6444955cbaef7734d503

SHA512
68404e1cea92b6d1c687433db822d4e2d8d5be10ae51f517ee1b35d87e92b4cf5906ba2bf9543c753a9ceef43cd17e2f0bbb7756688bcaa09c102a866d02bb6e

Download Submit
C:\Users\Admin\SystemRootDoc\dd_wcf_CA_smci_20240903_051528_152.txt

Filesize
2KB

MD5
eb732ea28552e38f10e310d843b7d4f7

SHA1
067b4404f8883d821a93d5df2f52a42fbdb5cab1

SHA256
d8f37574f062684830808be32a5d728e85fb2994e04e55c550f1f1b473b88756

SHA512
2bea8ef77c50098f193aa90289b2f5f719b3d7c70e83b2e8523df8762ef74009440c2e7672e4ec28f89920d01fc80af6ca551865afba6bb7f05c1d4d10041f27

Download Submit
C:\Users\Admin\SystemRootDoc\java_install.log

Filesize
170KB

MD5
61698f2ba07bda2ba323140f20b28e28

SHA1
d3e46602b6e042abdfb6a8630ccaff23801cd104

SHA256
51c06f89c259219fd364b1a36991964e772e968873496a4d61532d488b2cb8c0

SHA512
eb7f3dc17e49d2c2191fd6eb235e22ef3aa63157f90da42af3e6653e174e129e663b9c1eac8798d770a99ecdad4230754f07c84a96a73d85e6c8ef14aeb1cfeb

Download Submit
C:\Users\Admin\SystemRootDoc\java_install_reg.log

Filesize
4KB

MD5
36cf8d512a14fd2c5263e06775f2da47

SHA1
3e8ae2e7855ac773837272177b985f1705f65667

SHA256
c3d0d9bf10e08fc22138cb4fd1d0fdf59f37cd2e12e3ff779ece43259f861cc9

SHA512
e61afb7cf48065a5ad087dcd9ae7ae2c46552cb68c1bd1bd8f9df51b8f0eb040e6e69423d45b09166d16959e7bd1e247d7dd02552da8ec40d9bc805883e58725

Download Submit
C:\Users\Admin\SystemRootDoc\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\SystemRootDoc\jusched.log

Filesize
347B

MD5
ac07ebf8c74a2430a56e3ed052f79efe

SHA1
d16a8029506ddf0fae2191894df5ceee4b7fbc59

SHA256
388410e629c52d156b7938fbe8fd7fe0ae66038b11f5e25aa1691f58b24483f2

SHA512
a4b3681370a5172024289964e29845433e5b7af92a9303539c348f61c3d5c2cefb02aafc8240d99561523beef761dd332254a188206fd89030186efcfba25363

Download Submit
C:\Users\Admin\SystemRootDoc\libvlc.dll

Filesize
5.4MB

MD5
e339e11223bb5e4ed51e7112dfa617da

SHA1
510687d976c6253cb8b3569d71aaf85a2c69ee70

SHA256
eeb4c6dd889c40d8b95ee00f2eff67a5d3e0d4a15034ab97a36662599b2e4f3e

SHA512
aad3586e35bda596ccfad245856f5a59467b0a3ecc14ef39bc2dbda4e830038eaf80cacb62cdcf7dccdbc1982f72974ef21553a56f35a940657197655a7c34f2

Download Submit
C:\Users\Admin\SystemRootDoc\libvlccore.dll

Filesize
2.7MB

MD5
c62c3ef5753af6e0980f38eebc196b1c

SHA1
fd1d62feaaacb7cad5f952b61a6f7bd60d6dc4e1

SHA256
2ddb85b36650f85b5a09724c5b17428b1b1b76bd3e3dd85b643933659d5e333d

SHA512
f2338d26b073d8a796a7a19ee290b87b63f30f6cfa62e74d147756d2362898a167784c860d9bc098b1ec1a080aaa0fad25ca8c611b7e8f42ea8195c2b14abdfc

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052315-0.log

Filesize
33KB

MD5
8112af5fc6a783d822935202a9e05add

SHA1
cae4b590e5a44aa4fb2d293bf3ef22c79649921a

SHA256
3869262f907a1031a6b4de537dfd07b37bdfd57facc43d817ecde48e00574e0a

SHA512
dff479d02d5062ea53360c01ccd49f13bd456d244176d9eae0f2854570a1dc8afac017e3317dfb44fee32a6dea13403bf7c2d7f1ac0e1a96a1fafdc4c136e735

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052445-0.log

Filesize
34KB

MD5
6db7604d25aa558ba9e1bac28c786be5

SHA1
c495792900a935d3353f5c7542b0130691d80f99

SHA256
43af78f5f383f8cd6e3caf568ec64cf16c035c6345d835d4259a9f65c25d8364

SHA512
273cb9f2ee6f7003320c906eaaf236bbbc6d033d8c884455ea8be497b5a91939538775509d77991e39b4f13bee28e1641ab55453dd9c883e3dbb9e9b8b1a0b33

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052611-0.log

Filesize
44KB

MD5
fd9bc413be39a6acd144b67693671cd8

SHA1
75f722fbabbbd73e8f0b4ec26a7ef298a7366c5b

SHA256
ea43a18dea4f7ddc9845f6168deffd75fcdeaa307c52fec4c96ff6bf1b436ef0

SHA512
63df171825b2cc093fde86c59e17bad969584fe5cea30b8d3529beb022c3a6c69496527e5cc2b18c5e7684bee9c0f02c349d1f77c89d6112b799b03cf6c5cb6a

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052746-0.log

Filesize
35KB

MD5
0590ca1c10a896545c2db5c11980555d

SHA1
94a6faff4af0ce82744d41c2a0595b4d2105ce91

SHA256
c813ceb9e9fe19cf2d212dd24ef2d660002ed8c3c843246c5c95455cebabf745

SHA512
82a2bae6530284aa3049722b16c5714a549a5a687255d0d7c2dba976d39c798f2e4f6a4d40f3aa84368579c4ba352c50e8aa4bd5afc98450461beb4ddb48b666

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052916-0.log

Filesize
36KB

MD5
b9cfbcf84583572ac431d4855102b63b

SHA1
09b8cafebe7c825f3debc4046b123b2f180e3567

SHA256
06dea70bddc3c0b4457c25d0f1215c49c15ac0f454dd29c06c12a9d8dde7e67f

SHA512
826cac68c630ae1acaef00766b7d8e9c8ebaa374a0922ceef2c8fb2123754d2a8b0b77c16d530c10672c188e94d7a50bca81b4691c4949883cf7a31e6f247b27

Download Submit
memory/1588-0-0x0000000000310000-0x0000000000320000-memory.dmp

Filesize
64KB

Download
memory/1588-267-0x000000013F240000-0x000000013F338000-memory.dmp

Filesize
992KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads