100dc0db633b1dea1a0c5012f2364ff0d201ff203de1ea3820f432fc51751652

Resubmissions

27/07/2024, 01:26

240727-btjhqs1bqc 3

21/02/2023, 10:55

230221-m1mdragd5y 1

21/02/2023, 10:48

230221-mwehcaee59 10

Analysis

max time kernel
17s
max time network
26s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
27/07/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PandorahVNC.exe
Size

121.7MB
MD5

7e0c8dba7497c6c4239531073a04628e
SHA1

d82c10b1ed2527f971b2c63e75c15a6b746119b0
SHA256

100dc0db633b1dea1a0c5012f2364ff0d201ff203de1ea3820f432fc51751652
SHA512

e8e79732885f4f38c15fe1e78e740b0678de64c5b8875f590678eca8229190ab84be04724f934037a8837238431c1c0b5809eebdc5e0ee8eb610be012996b722
SSDEEP

3145728:Rlhah9cOLbrHMevdE5x89uYrM0cqgW05zaWPP:p09cOnrBdE5x50ce0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PandorahVNC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4756	PandorahVNC.exe

C:\Users\Admin\AppData\Local\Temp\PandorahVNC.exe
"C:\Users\Admin\AppData\Local\Temp\PandorahVNC.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4756-0-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

Filesize
4KB

Download
memory/4756-1-0x0000000000FF0000-0x0000000001FF0000-memory.dmp

Filesize
16.0MB

Download
memory/4756-2-0x000000000D3C0000-0x000000000D3D2000-memory.dmp

Filesize
72KB

Download
memory/4756-3-0x000000000DD30000-0x000000000E2D6000-memory.dmp

Filesize
5.6MB

Download
memory/4756-4-0x0000000074E50000-0x0000000075601000-memory.dmp

Filesize
7.7MB

Download
memory/4756-5-0x00000000132E0000-0x00000000144A4000-memory.dmp

Filesize
17.8MB

Download
memory/4756-6-0x000000000D820000-0x000000000D8B2000-memory.dmp

Filesize
584KB

Download
memory/4756-7-0x00000000144A0000-0x00000000149C2000-memory.dmp

Filesize
5.1MB

Download
memory/4756-9-0x0000000074E50000-0x0000000075601000-memory.dmp

Filesize
7.7MB

Download