Analysis
max time kernel: 300s
max time network: 299s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 25-09-2024 05:31
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: ALJ160924.scr
Resource: win7-20240903-en
2 signatures
300 seconds
Behavioral task: behavioral2
Sample: ALJ160924.scr
Resource: win10v2004-20240802-en
12 signatures
300 seconds
General
Target: ALJ160924.scr
Size: 63KB
MD5: f4bcadef3484f1465ddfde29bcb8d23d
SHA1: c074ce7f76cf58af3f361ca9fdeb85c15cfe6b74
SHA256: 0c5d7d5a66c96a8aa51d19fb03243818d82e35c23396c5f471f0cd2635d8fe94
SHA512: 3afcb21c54d9870a759022b2cfb7b3c9db274e544cc62c9f1b6a01fa25c0246f381cb1123d8e5b8805b9eec81509504d7e6c92773f1faa0a3e5a4a69ac842368
SSDEEP: 1536:0vjK5iyA22P8AuEAEEkwQdsYihPjBoHD72qE68:MK5i2297PViRjBAE68
Score: 3/10
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: ALJ160924.scr
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: ALJ160924.scr
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: ALJ160924.scr
description: Token: SeDebugPrivilege
pid: 1660
Process: ALJ160924.scr