Analysis
max time kernel: 1796s
max time network: 1570s
platform: windows7_x64
resource: win7-20240708-de
resource tags: arch:x64 arch:x86 image:win7-20240708-de locale:de-de os:windows7-x64 system:windows
submitted: 26-07-2024 10:31
Behavioral task
behavioral1
Sample
Payload.exe
Resource
win7-20240708-de
windows7-x64
4 signatures
1800 seconds
Behavioral task
behavioral2
Sample
Payload.exe
Resource
win10-20240404-de
windows10-1703-x64
4 signatures
1800 seconds
General
Target: Payload.exe
Size: 55KB
MD5: 832ef656019128a1efc9adccffa2eb4a
SHA1: ac17121592150a93c0495fc080c4f249130497e0
SHA256: 50dc05f3579090555c00dc10578afbba9e4c5317c088b3dcaa908fddcddbbf81
SHA512: 03edd2b8dfd5d14b99a65450d477f00b7828a98e81f3e140f8656cfbeccb1feee416237348c240d3d84b4231e76f72f065f829ca4eb6a0f198900881820bc435
SSDEEP: 1536:NF/dIDnrNZtLy9CIDKwsNMDKXExI3pmdm:H1IDnRekIDKwsNMDKXExI3pm
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Payload.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid | process
1848 | Payload.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 1848 | Payload.exe
Token: 33 | 1848 | Payload.exe
Token: SeIncBasePriorityPrivilege | 1848 | Payload.exe
(the remaining entries in this signature repeat the last two rows, Token: 33 and Token: SeIncBasePriorityPrivilege, alternating, all for pid 1848 Payload.exe)