2a28690f30aacafe7ca48d2cbff27b082aaaee624df3ad7825dcfdc15a96c589

Analysis

max time kernel
147s
max time network
154s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WG Quotation 11157061 DE-TR.exe
Size

9KB
MD5

b82bdb9a9392c7049529723dcb93a75b
SHA1

e225b293e8007f73c0c83ea1d22825aec528c653
SHA256

2a1356b0d400e27c01c8cfe8db4c3bc5d225d4ac75fc445e154f373c406779a2
SHA512

0bf6403cee7b300ded290df47dad44b81a1225adfc4f0417efb8efadac133bc251c5380fd98e287bfc3415e0bddcede2033378f9cf39b4f0a7590556a0d1fbbc
SSDEEP

192:1c0IFiXp2vJwfFblxm0pzcIWr30I4HJKLKR/bkI/wC:1c0IFiwvGornqKedT/w

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WG Quotation 11157061 DE-TR.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2568	WG Quotation 11157061 DE-TR.exe

C:\Users\Admin\AppData\Local\Temp\WG Quotation 11157061 DE-TR.exe
"C:\Users\Admin\AppData\Local\Temp\WG Quotation 11157061 DE-TR.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2568-0-0x00000000743AE000-0x00000000743AF000-memory.dmp

Filesize
4KB

Download
memory/2568-1-0x0000000000CA0000-0x0000000000CA8000-memory.dmp

Filesize
32KB

Download
memory/2568-2-0x00000000743A0000-0x0000000074A8E000-memory.dmp

Filesize
6.9MB

Download
memory/2568-3-0x00000000743AE000-0x00000000743AF000-memory.dmp

Filesize
4KB

Download
memory/2568-4-0x00000000743A0000-0x0000000074A8E000-memory.dmp

Filesize
6.9MB

Download