256bf164fbfd8bf52c47f08c73492854601a8579b642d72f7b9facae1f7e1d35

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe
Size

216KB
MD5

5dd4e2111931c62c4093aa49f4934b9a
SHA1

077c3e7aecd3e796246bb9d8c6d8bebed575187a
SHA256

256bf164fbfd8bf52c47f08c73492854601a8579b642d72f7b9facae1f7e1d35
SHA512

5a205d6c4c11c41562bd127c3196645ae4ecdfbe551531cc250c2abd72952403e5846561e98142d51e38777c7f597817e44aca4cb9e1ac8607db1509cafd5435
SSDEEP

3072:EOsA++eZfkeB3uppruBjYPS+ttfQfLgJVNfSSl9WBX7/X3UYdB8:5sA++eF0niB89azgzl9wLd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe

description pid process

Token: SeDebugPrivilege 308 SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe

description	pid	process
Token: SeDebugPrivilege	308	SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/308-0-0x000000007409E000-0x000000007409F000-memory.dmp

Filesize
4KB

Download
memory/308-1-0x00000000003D0000-0x000000000040C000-memory.dmp

Filesize
240KB

Download
memory/308-2-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download
memory/308-3-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download