7aa9df6811ccf7f560e7c2f34e26286d5366cbb81b0eed63e3271db785d10f0a

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18/03/2025, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uninstall_flash_player.exe
Size

810KB
MD5

7c6cf7e123b8f3e34102a591583307cd
SHA1

d5cec0e920df21b31cba9b9643d2ab4d770fd7a4
SHA256

c1598fc99323355298fd14ddab18053e57886b5cf71e2ca8bc41921b0c10f4e9
SHA512

222b3f9c4fd2fbc0da12b4f49c2620d5bbc1f13e493030721862d867106ee56728c5506b55f53ddbee34dd75b090ec56dfe7b8e27767d7cfe8c33c39580c249d
SSDEEP

12288:2Sa/Z2DdYvbpFeaMCRR+aUCg+n+E4M7eWDLSUA3/JEvRR3Bc4OhU6Ex7:2SsZy8iaMIMMg+nXl7LkPkRR94U6Ex7

Score

7^/10

defense_evasion discovery trojan

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1192	uninstall_flash_player.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	uninstall_flash_player.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uninstall_flash_player.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1192	uninstall_flash_player.exe

C:\Users\Admin\AppData\Local\Temp\uninstall_flash_player.exe
"C:\Users\Admin\AppData\Local\Temp\uninstall_flash_player.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\{8FB97672-08E2-45BD-8E7A-C70868C04A1B}\fpb.tmp

Filesize
475KB

MD5
94bdeaa767fe23036d8ecf48ac9d5f29

SHA1
4844895db5aed7f77a3e1fc0de62a2100c8a9d8a

SHA256
1a48a75146302bbcbb82c0ffb0069c51cf1ffb0d38f48d7cd9021b532fc7f006

SHA512
c95fdd9ff42dbca6c91d250226bf8f25a1b9fac6474be1de0b877ef97ef793ae7a2c8fae7d910ae83d06c37c18c9d165defdefdcea3e1aa3e7f7db6ffcb4f4d3

Download Submit