f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760

Analysis

max time kernel
93s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760.exe
Size

430KB
MD5

843ada62b385071f0770466fcdc1e3bc
SHA1

ba64ee4ca4bb76a88304d98fbec077c1ff8b01dc
SHA256

f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760
SHA512

9f3ef5cdf8268c4bafb50615de754550fc9f030ceb9541dfa06081893a85ceb4c5abced482d723ff75dacc2324627a37991c4f9bdf2900c673fe3082ab4b910d
SSDEEP

12288:p4tnf0sfAfuxVDch+TwyX3McvZPKWAgORb0tARm19p:gH4G/DKcHlp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4896	f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4896	f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4896	f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760.exe

C:\Users\Admin\AppData\Local\Temp\f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760.exe
"C:\Users\Admin\AppData\Local\Temp\f99f6bec0e70174987064d8c3b962c228d2f69c75ca39a8ebff238f696489760.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\systemSC.ini

Filesize
166B

MD5
a03e9e345a6a16ac4f3d2752dc25d471

SHA1
d4960bec4a4a3439f17d01511c93bf4e1b81ec77

SHA256
9e51877597ba2557d188500b6a9c2500780497c282f64036dad34d2228b45b99

SHA512
10a77093f6b6aed16deda7617b8727eeda7854f93a6349bcb0775d782c42b1efea411f7b75856e749f4e0520772370428e8c218bb6d66f53bd884b444c7696df

Download Submit
memory/4896-6-0x0000000005A30000-0x0000000005A3A000-memory.dmp

Filesize
40KB

Download
memory/4896-9-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4896-3-0x000000000A300000-0x000000000A8A4000-memory.dmp

Filesize
5.6MB

Download
memory/4896-4-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4896-5-0x0000000005AA0000-0x0000000005B32000-memory.dmp

Filesize
584KB

Download
memory/4896-0-0x000000007459E000-0x000000007459F000-memory.dmp

Filesize
4KB

Download
memory/4896-7-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4896-2-0x0000000005930000-0x0000000005964000-memory.dmp

Filesize
208KB

Download
memory/4896-10-0x0000000007790000-0x00000000077F6000-memory.dmp

Filesize
408KB

Download
memory/4896-1-0x0000000000D10000-0x0000000000D82000-memory.dmp

Filesize
456KB

Download
memory/4896-18-0x000000007459E000-0x000000007459F000-memory.dmp

Filesize
4KB

Download
memory/4896-19-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4896-20-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4896-21-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download