2f208146065ece18feac06560fc876e62f8d36ed85aab6c161f02ec5640825b2

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 01:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
Size

1.4MB
MD5

024c44dd98bd77e8e150eee8cbf1f2e3
SHA1

af18d7729883a09449777827df32b5c5cc2cffbf
SHA256

9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f
SHA512

20670d76b0aedb0162aea034e29f0edd296f17c64db407580b9510fd494ffb232186e624a617329e4f6804ea4a1da66dc63fee8f59a1c54912b94c315ba5dd19
SSDEEP

24576:EYGY0JpBoijD9Bww/eSVtV74AWbLBJ6uYjmTjkwTlTWJj7IYxiD9/CSaXs:sjD9ew/hVcRbdpRTsjUYxe9/C

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 64 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
125	api.ipify.org
126	api.ipify.org
140	api.ipify.org
176	api.ipify.org
83	api.ipify.org
108	api.ipify.org
113	api.ipify.org
104	api.ipify.org
111	api.ipify.org
130	api.ipify.org
137	api.ipify.org
20	api.ipify.org
44	api.ipify.org
92	api.ipify.org
80	api.ipify.org
115	api.ipify.org
46	api.ipify.org
144	api.ipify.org
87	api.ipify.org
131	api.ipify.org
166	api.ipify.org
180	api.ipify.org
23	api.ipify.org
37	api.ipify.org
85	api.ipify.org
58	api.ipify.org
78	api.ipify.org
86	api.ipify.org
121	api.ipify.org
19	api.ipify.org
26	api.ipify.org
48	api.ipify.org
124	api.ipify.org
143	api.ipify.org
147	api.ipify.org
151	api.ipify.org
61	api.ipify.org
63	api.ipify.org
71	api.ipify.org
156	api.ipify.org
54	api.ipify.org
57	api.ipify.org
81	api.ipify.org
98	api.ipify.org
112	api.ipify.org
11	api.ipify.org
39	api.ipify.org
90	api.ipify.org
109	api.ipify.org
123	api.ipify.org
135	api.ipify.org
148	api.ipify.org
171	api.ipify.org
33	api.ipify.org
52	api.ipify.org
76	api.ipify.org
114	api.ipify.org
118	api.ipify.org
136	api.ipify.org
165	api.ipify.org
18	api.ipify.org
51	api.ipify.org
74	api.ipify.org
64	api.ipify.org

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
2536	9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe

C:\Users\Admin\AppData\Local\Temp\9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe
"C:\Users\Admin\AppData\Local\Temp\9151d4331c2629eb5922b7a1c909630ae81ffe2b1ce3499b44ed7a4dd8bf5a0f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2536-0-0x00000000745FE000-0x00000000745FF000-memory.dmp

Filesize
4KB

Download
memory/2536-1-0x0000000001080000-0x00000000011F2000-memory.dmp

Filesize
1.4MB

Download
memory/2536-2-0x00000000745F0000-0x0000000074CDE000-memory.dmp

Filesize
6.9MB

Download
memory/2536-3-0x00000000745F0000-0x0000000074CDE000-memory.dmp

Filesize
6.9MB

Download
memory/2536-5-0x0000000000690000-0x000000000069A000-memory.dmp

Filesize
40KB

Download
memory/2536-4-0x0000000000690000-0x000000000069A000-memory.dmp

Filesize
40KB

Download
memory/2536-6-0x00000000745FE000-0x00000000745FF000-memory.dmp

Filesize
4KB

Download
memory/2536-7-0x00000000745F0000-0x0000000074CDE000-memory.dmp

Filesize
6.9MB

Download
memory/2536-8-0x0000000000690000-0x000000000069A000-memory.dmp

Filesize
40KB

Download
memory/2536-9-0x00000000745F0000-0x0000000074CDE000-memory.dmp

Filesize
6.9MB

Download
memory/2536-10-0x00000000745F0000-0x0000000074CDE000-memory.dmp

Filesize
6.9MB

Download