cc605ef7ac9c704ab2bf7b89a51000ee7e92a3fffc8d3baec6fa0672e3163d87

Analysis

max time kernel
104s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73a4b41542c76b19fa79a02bef777e70N.exe
Size

15KB
MD5

73a4b41542c76b19fa79a02bef777e70
SHA1

ffa741b2449e99b3a315b0010d0ec602e97ea737
SHA256

cc605ef7ac9c704ab2bf7b89a51000ee7e92a3fffc8d3baec6fa0672e3163d87
SHA512

5608c5b8a808d2dda54163c1fefc1ce4a84ab27cadf1478ddcea12d1df9f9117ff14fb3e5c593cfaf4abe130d30d9238c5528f19127226b3a958d0c97df977f9
SSDEEP

384:luueeysmt5BWSAYrghGWIffEPSRfL0ptYcF9Vc03K:V23QPSpQtYcF9Vc6K

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	73a4b41542c76b19fa79a02bef777e70N.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe
3212	73a4b41542c76b19fa79a02bef777e70N.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3212	73a4b41542c76b19fa79a02bef777e70N.exe

C:\Users\Admin\AppData\Local\Temp\73a4b41542c76b19fa79a02bef777e70N.exe
"C:\Users\Admin\AppData\Local\Temp\73a4b41542c76b19fa79a02bef777e70N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3212-0-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/3212-1-0x0000000000270000-0x000000000027A000-memory.dmp

Filesize
40KB

Download
memory/3212-2-0x0000000005280000-0x0000000005824000-memory.dmp

Filesize
5.6MB

Download
memory/3212-3-0x0000000004CD0000-0x0000000004D62000-memory.dmp

Filesize
584KB

Download
memory/3212-4-0x0000000074690000-0x0000000074E40000-memory.dmp

Filesize
7.7MB

Download
memory/3212-5-0x0000000004C70000-0x0000000004C7A000-memory.dmp

Filesize
40KB

Download
memory/3212-6-0x0000000074690000-0x0000000074E40000-memory.dmp

Filesize
7.7MB

Download
memory/3212-7-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/3212-8-0x0000000074690000-0x0000000074E40000-memory.dmp

Filesize
7.7MB

Download