1c58bbe3dde2939b5eb3b8d983abec4ddc8774a21183353fc139a8b2f2b15ceb

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Resume.exe
Size

579KB
MD5

0cac8753434d7d33fc4ca2f35aeda38e
SHA1

4d5ab96c9c49119268527d3055cdbbeb44af223b
SHA256

adf8e605cb6f07a8a3ab75913940f9ae4e8f02094b539f97083c7eb4ff8042e8
SHA512

f714e1b8f18f961afcb7784d4acf7912069f09ec40c5d160a81a1e3f971ee140261491ef7327d3750d03e91803cfe03970eaddbb55b3853974cf8662c096fe4b
SSDEEP

12288:97sY46IbLi8ws+joUc4b4EZx14mcD5LiWY9XfEbqYva+YACzDG0OM/V8e:uLLws+HVcag3OWYebqYv/YAWDGut

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Resume.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	2556	Resume.exe
Token: SeIncBasePriorityPrivilege	2556	Resume.exe
Token: 33	2556	Resume.exe
Token: SeIncBasePriorityPrivilege	2556	Resume.exe
Token: 33	2556	Resume.exe
Token: SeIncBasePriorityPrivilege	2556	Resume.exe

C:\Users\Admin\AppData\Local\Temp\Resume.exe
"C:\Users\Admin\AppData\Local\Temp\Resume.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-0-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2556-1-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download