Overview

overview

3

Static

static

1

578d98f71e...0N.exe

windows7-x64

3

578d98f71e...0N.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    578d98f71e6af816c6fc18aa191c0020N.exe

  • Size

    8.9MB

  • MD5

    578d98f71e6af816c6fc18aa191c0020

  • SHA1

    ffd702d2cb90f943dbdf1ba6c0d71907840599f8

  • SHA256

    a63f521b775d12bcdc5323e2ec96de99cf97bff707b1b25aa317a40f7a16a754

  • SHA512

    fb1567a365dde686a2fd17c7263f5f7f2f2f25149166a40537c7c9586ccdb373e53928f65716dfa1c1e70497afde455787556da99cbea3698f00f7c8955b4b17

  • SSDEEP

    196608:NrjUMUkcsiA3me2TrlathECLJTTLIthyNVbWPHKT53o+0cQfcQRJVTB:6Giqme2TY0gFtNVQKl4qgJVTB

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\578d98f71e6af816c6fc18aa191c0020N.exe
    "C:\Users\Admin\AppData\Local\Temp\578d98f71e6af816c6fc18aa191c0020N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2792-0-0x00000000747DE000-0x00000000747DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-1-0x0000000001100000-0x00000000019F2000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/2792-2-0x00000000004C0000-0x00000000004EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2792-3-0x00000000747D0000-0x0000000074EBE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2792-4-0x0000000000340000-0x000000000034A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2792-5-0x0000000000CC0000-0x0000000000D68000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2792-7-0x0000000000AE0000-0x0000000000B40000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2792-9-0x0000000000D70000-0x0000000000D92000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2792-10-0x0000000000B50000-0x0000000000B5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2792-13-0x00000000747D0000-0x0000000074EBE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2792-14-0x00000000747DE000-0x00000000747DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-15-0x00000000747D0000-0x0000000074EBE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2792-16-0x00000000747D0000-0x0000000074EBE000-memory.dmp

    Filesize

    6.9MB

    Download