Analysis
max time kernel: 127s
max time network: 12s
platform: windows7_x64
resource: win7v20210408
submitted: 16-04-2021 11:11

Static task: static1
Behavioral task: behavioral1
Sample: 43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
Resource: win7v20210408 (windows7_x64)
0 signatures
0 seconds
General
Target: 43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
Size: 11.2MB
MD5: 885048c2a7156ec45ad6ea9cb3e31fba
SHA1: e9c35853bed083c1b16c9004bb0120b57ab3e425
SHA256: 43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5
SHA512: de1c4f1c70253d3123e5d6b458846610457f994ecc8e63ab26b5e65b28d509d9b76065640e30705629e8db606532a15f24eed738b77d8734559fd78c4fe18507
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
Processes:
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Control Panel\International\Geo\Nation
  process: 43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe

Suspicious behavior: EnumeratesProcesses (9 IoCs)
Processes:
  pid   process
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
  description                     pid   process
  Token: SeDebugPrivilege         1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  Token: SeTakeOwnershipPrivilege 552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  Token: SeTcbPrivilege           552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe

Suspicious use of SetWindowsHookEx (8 IoCs)
Processes:
  pid   process
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  1848  43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
  552   43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe"
   - Checks computer location settings
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of SetWindowsHookEx

   2. C:\Users\Admin\AppData\Local\Temp\43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin.exe -second
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx