Analysis
-
max time kernel
123s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
19-09-2024 13:53
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
5 signatures
150 seconds
General
-
Target
file.exe
-
Size
768KB
-
MD5
1560d6506f8e57432427df2bc4263f12
-
SHA1
70f83580e72e75f4a1b215abf55d9e07beb683f0
-
SHA256
0bb9e107a5f5f9ad838173ebf222107d37cc1f378fa10f46ad5b2914f19f8e72
-
SHA512
e5b0eff2054b6b24efeb9f8df23cd22e307d5fac1669e86b798d8caee2e3c4ea3e4c6213abe868ba44b37b689e5b52d4d3a40fd0167a476c06bc32dded69a202
-
SSDEEP
12288:rvsXZv8km0OHcbGbvzWHz0Hnquw3y+h0ssFWylkkoAbtEkOwfNqbYS2VbICKMIU6:UfPz0H0Lh0ssFlSjbmk
Malware Config
Signatures
-
SectopRAT payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2108-1-0x0000000000E40000-0x0000000000F06000-memory.dmp family_sectoprat -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
file.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language file.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
file.exedescription pid Process Token: SeDebugPrivilege 2108 file.exe