Analysis
-
max time kernel
130s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
30-09-2024 20:09
Behavioral task
behavioral1
Sample
Backdoor.exe
Resource
win7-20240704-en
5 signatures
150 seconds
General
-
Target
Backdoor.exe
-
Size
92KB
-
MD5
0c67eccc5ef8b076acbc6a283022aca4
-
SHA1
91b1eda8eed5c28a9e6a5d508bab8032a2119220
-
SHA256
968fd5bce1428ffdfb6331919ec6ba70a9d0f148df7f9c5c223f4546b2428ae1
-
SHA512
3415c64b76c3e14a8ab768098129af70e84ee50a98e7cdbaf9f41057f9e6dae4e01aeaade7f3d4fe9835173215c065638e31f45897d6fe65bc59db32e0c5d8d5
-
SSDEEP
1536:ghhW0YTGZWdVseJxaM9kraLdV2QkQ1TbPX8IHOCkIsI4ESHNTh9E+JP19qkP60rY:mhzYTGWVvJ8f2v1TbPzuMsIFSHNThy+0
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Backdoor.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2736 Backdoor.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 2736 Backdoor.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2736 Backdoor.exe