4b47f4f7eff55228e6c53a50312942487a39677a53fcde4a20e36029675740e3

Analysis

max time kernel
149s
max time network
52s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/08/2024, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Interface.exe
Size

2.3MB
MD5

6317f18fd5e36e003c65f161033a54b1
SHA1

a0855b4f3ec3b30bfca75a011a7839bc2f41a34c
SHA256

4b47f4f7eff55228e6c53a50312942487a39677a53fcde4a20e36029675740e3
SHA512

9b7fc1a78821ef3ac4eac1dc9be8bb73288583f71f7abf9b74c14a7e4519a526bfdca014294985c7198d632d6fb4e0944fc24b16303b073f55f8635f3789cf4b
SSDEEP

49152:8Rxbb0k71+FIg4/vj8d5E+PpfLUZmDa2ER0vNgtzeQn9Cl2Ev:Q/03FIgcCfxDRwkQz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1832	Interface.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Interface.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe
1832	Interface.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1832	Interface.exe

C:\Users\Admin\AppData\Local\Temp\Interface.exe
"C:\Users\Admin\AppData\Local\Temp\Interface.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Interface\Interface.exe_Url_edc445ejyvrdk3pstx1h32p4aopoao3m\1.0.0.0\user.config

Filesize
818B

MD5
2018db455c2e7c97dae4637aed0f004a

SHA1
bdb7377597d6d50b0068669f8049cb33dc3a8253

SHA256
476f3ca23414f6e5465fc78f56c952b6a682295b2978e6a38597246e34414307

SHA512
ba62f58b2b57e32aa837b2bdf1c1f1c873b38f2a6c725298147c389cce69fd18a0ba9a3fec79ba11273521c53056d4920798b01a1bba1de947d1c86c594ad24b

Download Submit
C:\Users\Admin\AppData\Local\Interface\Interface.exe_Url_edc445ejyvrdk3pstx1h32p4aopoao3m\1.0.0.0\user.config

Filesize
945B

MD5
f01e83872a7265ae85a02571c6a68530

SHA1
b6af7396d9378d5a0aa841ec0ad6f3a1667d03e0

SHA256
64acc385c3efc6d5cfa2b5ad516015beb37cddba3307dc12e93d6b43bc2b82c7

SHA512
f1f263717c211868c88ed11ec225b118b5b8eaef202a104bffd3218fd0c14b9a19b47be6a65791bbaaabe0a8d827bfd188e9c94717742cf92e6a0b0231a0f309

Download Submit
C:\Users\Admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll

Filesize
943KB

MD5
2ff7acfa80647ee46cc3c0e446327108

SHA1
c994820d03af722c244b046d1ee0967f1b5bc478

SHA256
08f0cbbc5162f236c37166772be2c9b8ffd465d32df17ea9d45626c4ed2c911d

SHA512
50a9e20c5851d3a50f69651bc770885672ff4f97de32dfda55bf7488abd39a11e990525ec9152d250072acaad0c12a484155c31083d751668eb01addea5570cd

Download Submit
memory/1832-3-0x0000000005390000-0x0000000005422000-memory.dmp

Filesize
584KB

Download
memory/1832-4-0x0000000074D90000-0x0000000075541000-memory.dmp

Filesize
7.7MB

Download
memory/1832-5-0x0000000005380000-0x000000000538A000-memory.dmp

Filesize
40KB

Download
memory/1832-6-0x0000000074D9E000-0x0000000074D9F000-memory.dmp

Filesize
4KB

Download
memory/1832-7-0x0000000074D90000-0x0000000075541000-memory.dmp

Filesize
7.7MB

Download
memory/1832-8-0x0000000074D90000-0x0000000075541000-memory.dmp

Filesize
7.7MB

Download
memory/1832-0-0x0000000074D9E000-0x0000000074D9F000-memory.dmp

Filesize
4KB

Download
memory/1832-2-0x0000000005860000-0x0000000005E06000-memory.dmp

Filesize
5.6MB

Download
memory/1832-22-0x000000000A8B0000-0x000000000AA04000-memory.dmp

Filesize
1.3MB

Download
memory/1832-1-0x0000000000620000-0x0000000000876000-memory.dmp

Filesize
2.3MB

Download
memory/1832-27-0x0000000074D90000-0x0000000075541000-memory.dmp

Filesize
7.7MB

Download