Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19/09/2024, 16:46
Static task: static1
Behavioral task: behavioral1 (Sample: CytInj.dll, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: CytInj.dll, Resource: win10v2004-20240802-en)
Behavioral task: behavioral3 (Sample: Cytriik Launcher.exe, Resource: win7-20240903-en)
Behavioral task: behavioral4 (Sample: Cytriik Launcher.exe, Resource: win10v2004-20240802-en)
General
Target: Cytriik Launcher.exe
Size: 15KB
MD5: 0ff5225ab98342e142bd069172f31e12
SHA1: 097133ef2537a9ffdd0d0c774fea7f054bfa9c61
SHA256: 289685c3cddc5cc22f0169cc13153d35bcd285b1870f50af1ab5c4474869b44b
SHA512: 65448b3826974cc2a2cd1d4dee0a3b8c8b74e6ac1f9909ac23f2210360de416be2230e3ba6e9edb7a7795c3c4ca8a5ae7c9a9167f0dcb0689e58c9dd5f8460cc
SSDEEP: 384:6okgkPFti4AZSbTz7LyD6l/5qG3apHuGpE:6oXs7i4AZKyDkkG3MH
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: Cytriik Launcher.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid: 2264 | Process: Cytriik Launcher.exe (the same entry is repeated for all 64 IoCs)
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege | pid: 2264 | Process: Cytriik Launcher.exe