9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e

Analysis

max time kernel
143s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e.exe
Size

1.7MB
MD5

2eccd72c083a47c9dc794663528747bc
SHA1

b16ff548d8f95346bf4c8bd3f4601d272fe54e7c
SHA256

9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e
SHA512

1b90afe3301998dd9e132b1d916d3753f09235f754d9642fb986f7a8fbb18a7a3eb823b5e6a65b03cdd8f679d28cf94fca55a22f20916cc68f3d53f14d6160de
SSDEEP

24576:/1SsxjXH9vhIN7hssNtWoXJ+1RHk87SVWwNRd1RH:/x1Hj+Nt3Sz7SVWwNRh

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3180	9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e.exe

C:\Users\Admin\AppData\Local\Temp\9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e.exe
"C:\Users\Admin\AppData\Local\Temp\9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e.exe.ini

Filesize
859B

MD5
16fe5b0c52ce61967b686737109671a7

SHA1
697f8a2ab868280d3a8bf677f23b2e88ad90db45

SHA256
e02a45b1a3f4a51fa1265149b44239b4e423a13bc01ebd38d87bf597dc435998

SHA512
b6f7d2cff678e48ce4ef1d78becdf8205f6ee22b6e11938d0688638da04ab731408802f668682954f61ae9a4dccb84d1b5733d30271ff3d5dca68afd7ae1b667

Download Submit
C:\Users\Admin\AppData\Local\Temp\9b4cadfffffc382ddf630d2a2755c817cc4f2b13991479264cea1693ef29a23e.exe.ini

Filesize
481B

MD5
17fd92631bc37b5db77c4ad5823fabc6

SHA1
c928ae2cb7bc09c10448d9afdc0f254c43cb71ee

SHA256
fcac306310f8a8d1e53f45da1a2474f32c48dcb60c2bb48f165aa6e10d6d2e6b

SHA512
0d005e359aa7e0a96ecce3e56a7eeb12bb103c694a15cc1d2b5dda0f2d9c2d8e17d9dd050616252ced1282ed804eb103eb5529a601749292a44ef2e973c6d661

Download Submit
memory/3180-0-0x0000000074A6E000-0x0000000074A6F000-memory.dmp

Filesize
4KB

Download
memory/3180-1-0x00000000001F0000-0x00000000003A0000-memory.dmp

Filesize
1.7MB

Download
memory/3180-2-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/3180-22-0x00000000050D0000-0x00000000050D8000-memory.dmp

Filesize
32KB

Download
memory/3180-23-0x0000000005120000-0x0000000005158000-memory.dmp

Filesize
224KB

Download
memory/3180-24-0x00000000050E0000-0x00000000050EE000-memory.dmp

Filesize
56KB

Download
memory/3180-29-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/3180-30-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/3180-31-0x0000000074A6E000-0x0000000074A6F000-memory.dmp

Filesize
4KB

Download
memory/3180-32-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download