7554fcaa252c2663bc9116368ffbece58f64a74b3b3e03bd585abb8283a96804

Analysis

max time kernel
180s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2024, 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Portafolio Rotativo Proceso Activo N° 6748-2024/Oficio Jurídico 00023 - Orden de captura 22 de Octubre.exe
Size

398KB
MD5

923191786539b85f05801a82c5d34044
SHA1

5b05c3e94c78de881743b64fbf655dd7a4d5a4ed
SHA256

2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6
SHA512

54294237c5e4e96b28a958c2bf7cfd7056db3833356b2a473a6da00f2434cb4fbb6a9266df969c1132b0416d1b6d5f62a5bc3b68c836e8ffed28b844d32b3d98
SSDEEP

768:5wv79pvtx0gODbLTL7tg7SYQQzcrN2RgFxhjpjOOZFYe4J0v/CBN7BFeQaZTog1:5wRVWr7tgCWcE0xp9OOR4aXOYfP1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Oficio Jurídico 00023 - Orden de captura 22 de Octubre.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1372	Oficio Jurídico 00023 - Orden de captura 22 de Octubre.exe

C:\Users\Admin\AppData\Local\Temp\Portafolio Rotativo Proceso Activo N° 6748-2024\Oficio Jurídico 00023 - Orden de captura 22 de Octubre.exe
"C:\Users\Admin\AppData\Local\Temp\Portafolio Rotativo Proceso Activo N° 6748-2024\Oficio Jurídico 00023 - Orden de captura 22 de Octubre.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1372-0-0x00000000749CE000-0x00000000749CF000-memory.dmp

Filesize
4KB

Download
memory/1372-1-0x00000000000B0000-0x000000000011A000-memory.dmp

Filesize
424KB

Download
memory/1372-2-0x0000000004A90000-0x0000000004A96000-memory.dmp

Filesize
24KB

Download
memory/1372-3-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download
memory/1372-4-0x00000000749CE000-0x00000000749CF000-memory.dmp

Filesize
4KB

Download
memory/1372-5-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download