Overview

overview

10

Static

static

3

Folder/folder.exe

windows10-2004-x64

10

Folder/folder.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    604s
  • max time network
    1192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-08-2024 02:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Folder/folder.exe

  • Size

    54KB

  • MD5

    3fa2ed39ebddec57c1094c394cdac8b7

  • SHA1

    481a1e85ecbc1a671dbd0dae78e2f124d8471a83

  • SHA256

    e203906912348bf42942d73d692c3a1c7ae837086b4b2bdc518c1298ba840b05

  • SHA512

    443a3f0210fd92522eeaf8e4ed5f5144620d91864cd73c4edc5077db3f3a371ecc1020fc34194da864e228af8d362633b786e0d4ef4b87306f3225c462c83b7c

  • SSDEEP

    1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opgL52:lImfzoXK9/o6M

Score
10/10
netsupportdiscoveryrat

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Folder\folder.exe
    "C:\Users\Admin\AppData\Local\Temp\Folder\folder.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads