8292fa5b48430c11c0fa4b664a98014cb3360dc1497846a81b1581786947287c

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TidalInject.exe
Size

154KB
MD5

f625b527764234ec0fa014a1c1d681b6
SHA1

289769d681e2b43fff3778c43ce467ffb4dbacbc
SHA256

79305457bee0cf5b813f60c6c05a3d3b7efdd8af5ef246c1d6e89b7d584344e2
SHA512

0291c69199ff74205ce067583cbc583899334fc8cce23d05de186d41585bc6f5dc4b56340c9b315d57dfd6e2f9e2356d8cd9eef4da13ce7533eaa9ce3e178e64
SSDEEP

3072:x7LW6Pr46prwG2k5GlI1JWE9QVsxyvJyn4NTfQf1VZlkWhrQ:xXWJ5kICW3Jyn4if1VZai

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	TidalInject.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	404	TidalInject.exe

C:\Users\Admin\AppData\Local\Temp\TidalInject.exe
"C:\Users\Admin\AppData\Local\Temp\TidalInject.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads