Resubmissions
03/09/2024, 21:32
240903-1dvy9syeqh 303/09/2024, 21:15
240903-z35pbsxcnm 303/09/2024, 21:00
240903-ztqttaxalq 303/09/2024, 20:53
240903-zps4dawhll 3Analysis
-
max time kernel
149s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/09/2024, 21:00
General
-
Target
Cisco AnyConnect Secure Mobility Client/manifesttool.exe
-
Size
339KB
-
MD5
c91a28843e645dbafbdfaca8f0ec77a9
-
SHA1
915f6c343777465c720d0b0ce6482de79d4e35c6
-
SHA256
d987bc0b335a9dafafcceaab8a10096994cd523f0fb69ac2913a048075b26072
-
SHA512
32f5f00db051191d6364dd34c1594280094f030b3d3aec89ecc87fb3a98a563a6514a2ec4b444fdd705eb9f29b94b7112bd8cf57de283ae4a6b111aca5171c48
-
SSDEEP
6144:CVDDK/8HsuSpfcUA2B+fsNMBYShENdkh4AOU7AtrXJp:CdK/8HsuSpEUA2aTYIEIyK7KXJp
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Cisco AnyConnect Secure Mobility Client\manifesttool.exe"C:\Users\Admin\AppData\Local\Temp\Cisco AnyConnect Secure Mobility Client\manifesttool.exe"1⤵
- System Location Discovery: System Language Discovery