80bd2e285ac47e5ef6f2f8451d7556c5ef09df8736781866772a2eaf162d2a9c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c508f26e1cdca221d561799334b4900N.exe
Size

733KB
MD5

1c508f26e1cdca221d561799334b4900
SHA1

d3d25c75202bdf83b509d9d9330f8b515999a2dc
SHA256

80bd2e285ac47e5ef6f2f8451d7556c5ef09df8736781866772a2eaf162d2a9c
SHA512

2ed5782f4024425a97aa5c9e684b3de6eb2921673de065f2e9d36696c59171a08e4f946a2acefaeeee15a0ab9e2bbc28d6dc70319188281449ea8ea9436297be
SSDEEP

12288:8qzcpVgUXzL0TTUKZHTNloEkOpnKgofuIwV6eAj0SZxxXMcEen3paPcg:8qzcpKIL0TvZzNlNky0wVW0SZxJVg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

1c508f26e1cdca221d561799334b4900N.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1c508f26e1cdca221d561799334b4900N.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

1c508f26e1cdca221d561799334b4900N.exe

pid process

2384 1c508f26e1cdca221d561799334b4900N.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1c508f26e1cdca221d561799334b4900N.exe

pid	process
2384	1c508f26e1cdca221d561799334b4900N.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

1c508f26e1cdca221d561799334b4900N.exe

description	pid	process
Token: SeShutdownPrivilege	2384	1c508f26e1cdca221d561799334b4900N.exe
Token: SeDebugPrivilege	2384	1c508f26e1cdca221d561799334b4900N.exe
Token: SeTcbPrivilege	2384	1c508f26e1cdca221d561799334b4900N.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

1c508f26e1cdca221d561799334b4900N.exe

pid process

2384 1c508f26e1cdca221d561799334b4900N.exe

pid	process
2384	1c508f26e1cdca221d561799334b4900N.exe

C:\Users\Admin\AppData\Local\Temp\1c508f26e1cdca221d561799334b4900N.exe
"C:\Users\Admin\AppData\Local\Temp\1c508f26e1cdca221d561799334b4900N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads