9645096bc9e53a83a9aaa69a13c82fea38c8719faf27298afd25892bd9f788ec

Resubmissions

24/02/2025, 12:08

250224-pa55aa1pw5 10

24/02/2025, 09:40

250224-lnmnbavpt3 10

20/02/2025, 03:42

250220-d9d93awkdk 10

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/02/2025, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01NEW_PURCHASE_ORDER_654576554.exe
Size

969KB
MD5

f9538485432d3ec640f89096ba2d4d00
SHA1

b050b847b1fe8be78d56b29bd23c25e05c227a92
SHA256

5d695d8a0bb1d919cc77a2aa2488a61797bfa065238160278ee458120630aaf9
SHA512

ea7aeedd15f4d6a6005f8cfb7d404dfb0c302c837e48de7e3ff44d7d5908f8de6c0a81f736d874a491eddc89fdf753976be6f635e7e8512f5abb7f32caa8cfc5
SSDEEP

24576:oFZAiQHDhht8m7FpUi1L1OXJz5zzz3zzzozzz3zzzNz:CZAiQHlhtz7FpWdwz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\01NEW_PURCHASE_ORDER_654576554 = "cmd.exe /C start \"\" /D \"C:\\Users\\Admin\\SystemRootDoc\" \"C:\\Users\\Admin\\SystemRootDoc\\01NEW_PURCHASE_ORDER_654576554.exe\""	01NEW_PURCHASE_ORDER_654576554.exe

C:\Users\Admin\AppData\Local\Temp\01NEW_PURCHASE_ORDER_654576554.exe
"C:\Users\Admin\AppData\Local\Temp\01NEW_PURCHASE_ORDER_654576554.exe"
1⤵
- Adds Run key to start application
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\SystemRootDoc\01NEW_PURCHASE_ORDER_654576554.exe

Filesize
969KB

MD5
f8303e341245a8571f1375b88c1c400a

SHA1
d98720736d6ba6950dc8a6c66bca59034e5fccc0

SHA256
461b1a265abc0b201a3b5a40fa92647cbcf1dad08422c2702d9a7f5473f8c55d

SHA512
e1789e656d674965d82559e1fed44ced78c4ffd032ff1295877f9b224ebf71837e8c62096a8fd3c22e2d4b94dde86b823f53adc6b48f0dfb468637c1f81ccdca

Download Submit
C:\Users\Admin\SystemRootDoc\4bc34ff4-86c6-460c-933f-6d5d2d21cc68.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\SystemRootDoc\ASPNETSetup_00000.log

Filesize
4KB

MD5
efc016dcac7acf653e6f52d2279aa760

SHA1
5094c3151f8af924578e9bd897a7b0043e1013b2

SHA256
22688e68ae1a2c184920b0b1878a58ca5d5560006a21f8d6cadbfeec206f3445

SHA512
50979fd96d49270e6e88f6edfdfaca2e438a5281998583fccece6a1abd72bdff26ea54c1ed9ea7342b5bac30a449c4c3e6859b5030ab434e885870a80624c29d

Download Submit
C:\Users\Admin\SystemRootDoc\ASPNETSetup_00001.log

Filesize
2KB

MD5
e9939d5faa22dcaa547e88db589b54ef

SHA1
aad21ec93f625b3ea13f253c015d5429cd87a9b5

SHA256
d291c81393c9d92a17e6f9eac43e90a219c81f37a042bc08304481699bdd27ff

SHA512
c090043ef52df4d1e2883533a582f1f32ed4087f714af79a023e7469860082b48bfbb071d6364a5c5a71e883f3141cb41f16be272bbbe2da48034c21a8ecbf4f

Download Submit
C:\Users\Admin\SystemRootDoc\Admin.bmp

Filesize
48KB

MD5
343fa15c150a516b20cc9f787cfd530e

SHA1
369e8ac39d762e531d961c58b8c5dc84d19ba989

SHA256
d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524

SHA512
7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57

Download Submit
C:\Users\Admin\SystemRootDoc\JavaDeployReg.log

Filesize
4KB

MD5
612a650d1c773ee52d62546e66ff5918

SHA1
a7479722bea44f8719b651ba69aa337d60da4290

SHA256
9e0774deea09130ce23833cc3f0118e8dd06750e3570a230b199c87cdf354c00

SHA512
5882a9d5340d0197c660d0774f22a82f03a0fc73d14476c47d3ab86dfea8f80850bfb8af7a9433b120f4728da4889083086666145b3e2390966e6816ad981483

Download Submit
C:\Users\Admin\SystemRootDoc\Microsoft .NET Framework 4.7.2 Setup_20240903_051533888-MSI_netfx_Full_x64.msi.txt

Filesize
12.7MB

MD5
a032973f1ea3d5d128d6538a36fc0a72

SHA1
9be907ebba5fb52af9901e8515644f2249458ae5

SHA256
929be461033dd149d2ab84d53264b6fa5bfc9ac1167df90da8d32a63e39cf999

SHA512
2d94295a289c1cb1bdd98e8356c19ec1c4b04f617bc93747e3d6b234fa04a102bedb72ba5b36338728b2e981eb0b3aad58965d821dd5995ca8efb3f4e46b71c1

Download Submit
C:\Users\Admin\SystemRootDoc\Microsoft .NET Framework 4.7.2 Setup_20240903_051533888.html

Filesize
1.1MB

MD5
73a2aedf6f5cf33a4725479529db009b

SHA1
58ab5ef55f644420acba9d20f242c56f088e0487

SHA256
0c2eb4b8761a9f09e952b881b36879789311fb039abc109011112ec5445af349

SHA512
7cf80ddb3cdd9587af87306c62f6985df3d3a1769ea0849cae477c7de82c407e753af5c5bd81f59f656d9469a63149a939cf0d6ac185981ff761efb1852fddfb

Download Submit
C:\Users\Admin\SystemRootDoc\chrome_installer.log

Filesize
7KB

MD5
4760f9d657306afdd9f184c81256d411

SHA1
4c7d0239eb6157512accf8970d2fe2d7adcabbbe

SHA256
a10b0ab5ff2a5af2d68e732adc846fa65febc8afb06162e6f0e1dafe0a013fa5

SHA512
3febd914d4d95b35d6bc91152a9c52e24d7573d0ebc020abc5c8db984bb1a1fbafd77ce2b640a0cd54dc7ae4443fbd5bbfa84419444f743af32f1e61d01d5f59

Download Submit
C:\Users\Admin\SystemRootDoc\d6cbde45-4292-4b92-ac5a-f95b65e357bf.tmp

Filesize
242KB

MD5
541f52e24fe1ef9f8e12377a6ccae0c0

SHA1
189898bb2dcae7d5a6057bc2d98b8b450afaebb6

SHA256
81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82

SHA512
d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

Download Submit
C:\Users\Admin\SystemRootDoc\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
383ae9c1c22898404c89e4a5af4b2f7f

SHA1
f42012dd1c89de7ac7fb8f5cff2f0c7263f00e94

SHA256
914f9501c37e8b854ab3f4872c420183258a781e582458fe750cce8933a3f1ed

SHA512
362a9bf45201de008d625fd85ace166ccf102f4ff554ebe10cd0d39cd6449123bbeb7a53ef03c20f00d19197f1039c6884381860424fba7370691f6dd4562895

Download Submit
C:\Users\Admin\SystemRootDoc\dd_SetupUtility.txt

Filesize
2KB

MD5
b62592b942fd71e199db5e2eef1e5f04

SHA1
f08d67ecf1ae25d9f269e3ed84a4c70420086f5c

SHA256
82673c52b7a2ead706986dadaa618665eed7acc3fd9d682ddfa717d1a3e19bde

SHA512
8b597b2a4c75d244063cb67177111b4a2e4b8a3079bd49de8a1c614efe8d6f50e75dd1184c7794bc904579fea8da9ad009c8f35659bb0cc072db6b796407ae0f

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistMSI1E16.txt

Filesize
425KB

MD5
97155ce2ec985122524af4df78490c6e

SHA1
bfb0157cb53fe670b56cf8379bfbf5ffedc2225d

SHA256
0c42ee6e63826a78ffb41824247ca37f2287b1f5afd7d1fac9fa59d11bd1f614

SHA512
831df171b098d397329b8877792a430e9329af1c663403910d1f0bb409883ae7bf00fbd11a6660718f248bcff907bc6ce1669a6f31f8ac45a4c77ca2b567e9d7

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistMSI1E51.txt

Filesize
410KB

MD5
37e1eb164d8ed4ff86a5aeb2c76668ac

SHA1
719d733b51424155b8ef3ff809add62272788fc4

SHA256
88270f1416258ab4f8bb2167591cb4a4e54a40f8ee817f8a7235747e6313feb6

SHA512
a6cf66c2dd8e8576973d04985406b5c48dc3c0ffc393ad62df263cfec2fbea914c450fd34ba46f3d13cf31a2ecd86584a7faf44e94a42af678fa139c7e77081f

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistUI1E16.txt

Filesize
11KB

MD5
2eeb0ccd487ef7e3a815f4e1177f3a32

SHA1
0c24316cc7c3f4cfd303dc30402c145ec7b2d8fc

SHA256
63a6e7ecee3116975706c52b0c943ea59adaa7a6ccd2b02ff9ff35ea903fa592

SHA512
bcf16f9d6f82ab67614ce6b1beea1878e76e78ed50111693fb328bd94c9a08af38c150ab06687f69be6188c5f5c378ba8ca4eb216cc444c363042e276907f015

Download Submit
C:\Users\Admin\SystemRootDoc\dd_vcredistUI1E51.txt

Filesize
11KB

MD5
23e9bdc60669dbae366066d1796df104

SHA1
fb5ed648e841314abb301d2f6086462643a25a04

SHA256
961615b464ecd6a336d4992286e81b942df9bdef07f2834e149c4f59bdc634a0

SHA512
6d44f52801f12600b14414674036dfac6948a0286c8c11fad150e2ddaf63c1920871686d34a42857a7cf0dcfec57baf567f41174d385ebc887dc656562067e80

Download Submit
C:\Users\Admin\SystemRootDoc\dd_wcf_CA_smci_20240903_051543_856.txt

Filesize
7KB

MD5
6d0bf582724efc0c5cc9a8fdf57b5d43

SHA1
04580602e9f0e1efe98a0c6ab74a644a63acaf21

SHA256
c0262fa13865ae318ee2817672dabdd5b89b39ad9338d6627465cb50155e0ba1

SHA512
1e3e066c0642dd61a97733589f6bb5fa6b0b720548abbb0e572693ed8885cb4855846159681a3ecd785d05a9d01bde1280ee2d1299992d8b89eeb379d3225422

Download Submit
C:\Users\Admin\SystemRootDoc\dd_wcf_CA_smci_20240903_051544_496.txt

Filesize
2KB

MD5
bbabf8f2dc6ab757771cb6527b496718

SHA1
0304a01ce56db09e771071b274fa048dc5cff4a5

SHA256
7b70f2f1e28794b67437849dd4a8ae253f7adfa2edf7a89b69f6538ee3823f66

SHA512
d0eae29103d677f42cd6998f0b1356c6408f4a977b129e4f5e8453865e4daa89a4a524927c1e1e5333c0ff932d0977478448feffffde07dc35e17206af21a6ec

Download Submit
C:\Users\Admin\SystemRootDoc\java_install.log

Filesize
170KB

MD5
61698f2ba07bda2ba323140f20b28e28

SHA1
d3e46602b6e042abdfb6a8630ccaff23801cd104

SHA256
51c06f89c259219fd364b1a36991964e772e968873496a4d61532d488b2cb8c0

SHA512
eb7f3dc17e49d2c2191fd6eb235e22ef3aa63157f90da42af3e6653e174e129e663b9c1eac8798d770a99ecdad4230754f07c84a96a73d85e6c8ef14aeb1cfeb

Download Submit
C:\Users\Admin\SystemRootDoc\java_install_reg.log

Filesize
4KB

MD5
36cf8d512a14fd2c5263e06775f2da47

SHA1
3e8ae2e7855ac773837272177b985f1705f65667

SHA256
c3d0d9bf10e08fc22138cb4fd1d0fdf59f37cd2e12e3ff779ece43259f861cc9

SHA512
e61afb7cf48065a5ad087dcd9ae7ae2c46552cb68c1bd1bd8f9df51b8f0eb040e6e69423d45b09166d16959e7bd1e247d7dd02552da8ec40d9bc805883e58725

Download Submit
C:\Users\Admin\SystemRootDoc\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\SystemRootDoc\jusched.log

Filesize
347B

MD5
b2c3040de04b71e6bbb6e391555d49ac

SHA1
81fe3c615055546663b038b53862504c1ebfad3d

SHA256
1cc396cf5734880efae9d45895438962307683f6fea97f8738a403558cc020bf

SHA512
62070c7212152d25e93e30206d11e1252d21cf8a58f3fa8f183d2d5257982b44dacd0bbc70b48d44fa5c0f7b9915d4032a62f28eb1bbc41d7cc30d266060e939

Download Submit
C:\Users\Admin\SystemRootDoc\libvlc.dll

Filesize
5.4MB

MD5
e339e11223bb5e4ed51e7112dfa617da

SHA1
510687d976c6253cb8b3569d71aaf85a2c69ee70

SHA256
eeb4c6dd889c40d8b95ee00f2eff67a5d3e0d4a15034ab97a36662599b2e4f3e

SHA512
aad3586e35bda596ccfad245856f5a59467b0a3ecc14ef39bc2dbda4e830038eaf80cacb62cdcf7dccdbc1982f72974ef21553a56f35a940657197655a7c34f2

Download Submit
C:\Users\Admin\SystemRootDoc\libvlccore.dll

Filesize
2.7MB

MD5
c62c3ef5753af6e0980f38eebc196b1c

SHA1
fd1d62feaaacb7cad5f952b61a6f7bd60d6dc4e1

SHA256
2ddb85b36650f85b5a09724c5b17428b1b1b76bd3e3dd85b643933659d5e333d

SHA512
f2338d26b073d8a796a7a19ee290b87b63f30f6cfa62e74d147756d2362898a167784c860d9bc098b1ec1a080aaa0fad25ca8c611b7e8f42ea8195c2b14abdfc

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052350-0.log

Filesize
33KB

MD5
0a0294e33857b61714c4117e4de99eb9

SHA1
7caa37f1e56a3b2310ae8a5e98db9c85ab1039d5

SHA256
d5efcf8c3936f1c8bcef45f420ba7182f44db8113a52f94da1e8dd8d3ca775f8

SHA512
636db3901216183e853418b99cabfff83b6351fd258d8335449a6d996d2ac6bbb8fc16149e1a1973fac66f8ef0c3b905c26b18ae20f224737bc25090dd4bc6eb

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052532-0.log

Filesize
34KB

MD5
d63fb06768ea23bdf32eca67bf0f7c92

SHA1
5a028926ceb02822e8a3b4de125540261eacc2ef

SHA256
f60248f4137235ed15fd479cf846223d2ebfef9ab12e2fd9413b139221a5b84a

SHA512
cdba9891c2b2a64143e2e15b686e40a4bdc5ab6b5c36e5fe7faaaeea6be5aad7d3519d965d35f56220aff553b1460096be8299bd92b6d6b257d2981a2a5ce140

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052702-0.log

Filesize
44KB

MD5
1d144a87d99bb86c137b4658238e53e2

SHA1
d9dab132a47ae5c5050da8571034873d77dbd352

SHA256
412c9d38ac939574b46b9aa0aa10e878e50a721c8a29a29060dc88e10f4470b1

SHA512
28ae9661695840321c2ac1a3b7cc9a32cc16ba6b2913cd7aab1a016db3d93163701a7bc75a803cc21e9699f25462aad6ce660b73b82664cef2ec366e326f0d70

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-052845-0.log

Filesize
35KB

MD5
7cfa638908e7c9588b9588746d72e895

SHA1
d67717f62cc4bb59f2997df20d147c1e2ee62113

SHA256
9ad90f3652c709dcba440b6c6b10c6baded505546cc93758daf0b21e80741868

SHA512
306d55608b9a14d3e9f1c09462cebdfd45224228a6659af89e90ff181b3090f677651590d4039f46a9087a7a7d52dd6867626af924a1caa8eea4561202ad0ab0

Download Submit
C:\Users\Admin\SystemRootDoc\lpksetup-20240903-053019-0.log

Filesize
36KB

MD5
00dfd30fc276856606c285b07e4c1ba1

SHA1
4c32f58751da895f35b19dbff01bf798dc54fad1

SHA256
7b12f8abe5f72e5a1c942b1cbe32f91e956e4494da2c7bef79d36208f16f8feb

SHA512
eee43847a97cd03038a4a074f3679db669d01dca9f85bcbf3a712f248d5b5d075713fb2260a451f4e4a17af97ed4744f58cede83ff71a78eb14199d720ce0dec

Download Submit
memory/2100-0-0x0000000000110000-0x0000000000120000-memory.dmp

Filesize
64KB

Download
memory/2100-267-0x000000013F150000-0x000000013F248000-memory.dmp

Filesize
992KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads