1ce8df74c00786b111839785779d8d1f00fa9aada5ca27b16c650533a6ab88b5

Resubmissions

26-07-2024 05:05

240726-frc1ds1drf 10

25-07-2024 07:20

24-07-2024 14:30

24-07-2024 13:56

23-07-2024 11:06

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release/Server.exe
Size

1.0MB
MD5

97fdf675692906714405d7e9bd6a9c61
SHA1

f388a87852ca61122f2563b9919625d33c7efe78
SHA256

dd3c72966f70692309714ec42461021fef21c26ad33b1b43e3232186b632a44b
SHA512

06f371bbec435746a876bb8127979c46fb1a21949c7f2b1f0e7edd4895382c5018113d52cf86485fa8d269f5c4b597c2739519db11b78bb7574638272ebf925c
SSDEEP

24576:UcBAVQOcXu65lmmomlEkmmsEnE7E7E7EUmemmmmmmIDmeQaKM:USAVQTXuElmmomSkmmtEQQQUmemmmmmL

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1704	Server.exe
1704	Server.exe
1704	Server.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Server.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1704	Server.exe

C:\Users\Admin\AppData\Local\Temp\Release\Server.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Server.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Server\Server.exe_Url_jmtcyt32s450mrkqcfhpdrl3u0cpu3sy\1.0.0.0\user.config

Filesize
311B

MD5
a35bc67d130a4fb76c2c2831cbdddd55

SHA1
66502423bba03870522e50608212b6ee27ebf4c5

SHA256
e94a97e512fbc8ed9f5691d921fdeddbff4cc16b024c5335adf66bff3a7a8192

SHA512
4401b234d7914afa860e356be1667cc5f44402255f7cc6cc3d8df80883167f6b55463e62156df57be697ee501897fac61a71f97911c6fdb6630272341ac8a07e

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_jmtcyt32s450mrkqcfhpdrl3u0cpu3sy\1.0.0.0\user.config

Filesize
434B

MD5
cfcf8e91857f364e002065c52ff8f91c

SHA1
8407ecb3c33a1f3fcf18a723e6884acf7e5a0f4a

SHA256
572dda8c7f211dc6a4efc7aecb4a54cb4e0ced1e4c9a4b9f96bb329c983c64e6

SHA512
364fecac3a051441b4fefcebb2cc9e38632f99dd04593cd5d9b148986afb09b195e88cdbfa2e778b8934564b76d04fe053f919f0a60769b023f2f753ede06d1e

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_jmtcyt32s450mrkqcfhpdrl3u0cpu3sy\1.0.0.0\user.config

Filesize
560B

MD5
463d2a6611fbb9f0657b8c8c9783f6e0

SHA1
9fbda301bda3be3c9c2362b08cf4046857e2612d

SHA256
31d89529523e9b788ceec89cb43f1d2d26b44829e720324facf0906251135046

SHA512
c2b30090064b389eed8f79429765dc881c74c83352c7bb6e81585b81e9df6010cc89150766e94bf5091279a54b50301a529af70ec2626e2da2a842040424b169

Download Submit
\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x86\System.Data.SQLite.DLL

Filesize
1.3MB

MD5
14393eb908e072fa3164597414bb0a75

SHA1
5e04e084ec44a0b29196d0c21213201240f11ba0

SHA256
59b9d95ae42e35525fc63f93168fe304409463ee070a3cf21a427a2833564b80

SHA512
f5fc3d9e98cca1fbbbe026707086a71f801016348d2355541d630879ad51a850f49eb4a5f7a94e12a844d7a7108d69fa6d762ee19f4805d6aafef16259b4330b

Download Submit
memory/1704-5-0x0000000005410000-0x00000000054BA000-memory.dmp

Filesize
680KB

Download
memory/1704-2-0x0000000000390000-0x00000000003EC000-memory.dmp

Filesize
368KB

Download
memory/1704-6-0x0000000005CB0000-0x0000000005CDC000-memory.dmp

Filesize
176KB

Download
memory/1704-7-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/1704-8-0x0000000008A30000-0x0000000008D12000-memory.dmp

Filesize
2.9MB

Download
memory/1704-9-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/1704-4-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/1704-14-0x00000000097D0000-0x000000000991B000-memory.dmp

Filesize
1.3MB

Download
memory/1704-3-0x0000000004ED0000-0x0000000005122000-memory.dmp

Filesize
2.3MB

Download
memory/1704-0-0x000000007427E000-0x000000007427F000-memory.dmp

Filesize
4KB

Download
memory/1704-1-0x00000000008B0000-0x00000000009C0000-memory.dmp

Filesize
1.1MB

Download
memory/1704-49-0x0000000005D40000-0x0000000005D60000-memory.dmp

Filesize
128KB

Download
memory/1704-59-0x000000000D060000-0x000000000D112000-memory.dmp

Filesize
712KB

Download
memory/1704-60-0x000000007427E000-0x000000007427F000-memory.dmp

Filesize
4KB

Download
memory/1704-61-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/1704-62-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/1704-63-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download