Analysis

  • max time kernel
    300s
  • max time network
    299s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 05:31

General

  • Target

    ALJ160924.scr

  • Size

    63KB

  • MD5

    f4bcadef3484f1465ddfde29bcb8d23d

  • SHA1

    c074ce7f76cf58af3f361ca9fdeb85c15cfe6b74

  • SHA256

    0c5d7d5a66c96a8aa51d19fb03243818d82e35c23396c5f471f0cd2635d8fe94

  • SHA512

    3afcb21c54d9870a759022b2cfb7b3c9db274e544cc62c9f1b6a01fa25c0246f381cb1123d8e5b8805b9eec81509504d7e6c92773f1faa0a3e5a4a69ac842368

  • SSDEEP

    1536:0vjK5iyA22P8AuEAEEkwQdsYihPjBoHD72qE68:MK5i2297PViRjBAE68

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ALJ160924.scr
    "C:\Users\Admin\AppData\Local\Temp\ALJ160924.scr" /S
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1660-0-0x0000000074CAE000-0x0000000074CAF000-memory.dmp

    Filesize

    4KB

  • memory/1660-1-0x0000000000950000-0x0000000000966000-memory.dmp

    Filesize

    88KB

  • memory/1660-2-0x0000000074CA0000-0x000000007538E000-memory.dmp

    Filesize

    6.9MB

  • memory/1660-3-0x0000000074CAE000-0x0000000074CAF000-memory.dmp

    Filesize

    4KB

  • memory/1660-4-0x0000000074CA0000-0x000000007538E000-memory.dmp

    Filesize

    6.9MB