Analysis
-
max time kernel
299s -
max time network
299s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
25-09-2024 05:35
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-2413AM-KE2800.scr
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RFQ-2413AM-KE2800.scr
Resource
win10v2004-20240802-en
General
-
Target
RFQ-2413AM-KE2800.scr
-
Size
39KB
-
MD5
478ace96e7cb7d671bb378dfc1be2899
-
SHA1
dbd9954889aa460f2f69556d45cb2fbc12f9f6d1
-
SHA256
c839d8269a32c721dda69fc174596488bf03f9d1416fd83ba822a5672c14d81e
-
SHA512
3b1a0aad649a69e2a93ac2da557066dd9bb90d2016b2ab5a6ade12824e0c15990df55cc2284f306983926522a008879113d4679d5ca7d6f8b312f1eef66a7079
-
SSDEEP
768:pPANMaGROq2ZKOVfpikiJUeHN9NY5ILNPshWivefeI:9YM7RSfsJWWNUrmfeI
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
RFQ-2413AM-KE2800.scrdescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RFQ-2413AM-KE2800.scr -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
RFQ-2413AM-KE2800.scrdescription pid Process Token: SeDebugPrivilege 2664 RFQ-2413AM-KE2800.scr