2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6

Analysis

max time kernel
150s
max time network
158s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22/10/2024, 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6.exe
Size

398KB
MD5

923191786539b85f05801a82c5d34044
SHA1

5b05c3e94c78de881743b64fbf655dd7a4d5a4ed
SHA256

2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6
SHA512

54294237c5e4e96b28a958c2bf7cfd7056db3833356b2a473a6da00f2434cb4fbb6a9266df969c1132b0416d1b6d5f62a5bc3b68c836e8ffed28b844d32b3d98
SSDEEP

768:5wv79pvtx0gODbLTL7tg7SYQQzcrN2RgFxhjpjOOZFYe4J0v/CBN7BFeQaZTog1:5wRVWr7tgCWcE0xp9OOR4aXOYfP1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2396	2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6.exe

C:\Users\Admin\AppData\Local\Temp\2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6.exe
"C:\Users\Admin\AppData\Local\Temp\2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2396-0-0x000000007447E000-0x000000007447F000-memory.dmp

Filesize
4KB

Download
memory/2396-1-0x0000000000FB0000-0x000000000101A000-memory.dmp

Filesize
424KB

Download
memory/2396-2-0x0000000000210000-0x0000000000216000-memory.dmp

Filesize
24KB

Download
memory/2396-3-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/2396-4-0x000000007447E000-0x000000007447F000-memory.dmp

Filesize
4KB

Download
memory/2396-5-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download