Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-08-2024 03:24
General
-
Target
hydra-5.4-win/pw-inspector.exe
-
Size
14KB
-
MD5
b56e5f037b66cadcddd3f730d12b9548
-
SHA1
155ee9d17a0f3109b62f0ad22214a7f954a8aaff
-
SHA256
41a618d8ca47a5eeddd8206efe3c01edf2d89ff58925be32328b7a1409f26fe7
-
SHA512
54c624ae8eb2227fca838090f02ee2554f8060111bd822945a51fce4c2f8ec4d6213b14613e37ce9aae6075d48b518335172f6a2ce4170bc50bdadab0080a299
-
SSDEEP
192:jSKeMa60i96YAcQ9eob7Th5YkUCYKr6HjgO1j8U7wD:jRL6YQDrjUCvr6HkO6d
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\hydra-5.4-win\pw-inspector.exe"C:\Users\Admin\AppData\Local\Temp\hydra-5.4-win\pw-inspector.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\hydra-5.4-win\pw-inspector.exe"C:\Users\Admin\AppData\Local\Temp\hydra-5.4-win\pw-inspector.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
-
Filesize
20KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
20KB
-
Filesize
1.5MB