Overview

overview

3

Static

static

3

client.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    9s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02-10-2024 08:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    client.exe

  • Size

    906KB

  • MD5

    58b90ed15dc7ed2a898456d479331f59

  • SHA1

    ff0ea8f7c13a3ce0e58b6c2ccee95a9f415edacd

  • SHA256

    972dc7015a7afbc92a80f6d03e229039f111a49851377e036a6807eab25c24ab

  • SHA512

    443c4213a58165440a373cb3e23487033735df548e0c3b055c5e00a4001e6a710a660fce1e60279791770c63a72ebe83f867d81f28bff2bb278f33c5e75fe619

  • SSDEEP

    12288:y5+N/wAkwJHS2fPehzY2ScrfM/40yb/bzbiLTcRfVtZ2mE+92Wl7u16wI3alJTXc:WY2wkacr0/40yb/UG7r2+u16V3arZa

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\client.exe
    "C:\Users\Admin\AppData\Local\Temp\client.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4508-0-0x0000000074B3E000-0x0000000074B3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4508-1-0x0000000000370000-0x000000000045A000-memory.dmp

    Filesize

    936KB

    Download

  • memory/4508-2-0x0000000005A30000-0x0000000005ACC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4508-3-0x0000000074B30000-0x00000000752E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4508-4-0x0000000005AD0000-0x0000000005B6E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/4508-5-0x00000000062B0000-0x0000000006856000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4508-6-0x0000000005DA0000-0x0000000005E32000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4508-7-0x0000000005D70000-0x0000000005D7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4508-8-0x0000000074B30000-0x00000000752E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4508-9-0x0000000074B3E000-0x0000000074B3F000-memory.dmp

    Filesize

    4KB

    Download