Analysis
max time kernel: 146s
max time network: 155s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 31/10/2024, 10:03
Static task
static1: 1 signatures
Behavioral task
behavioral1: 2 signatures, 150 seconds
Sample: Proforma Invoice.scr.exe
Resource: win7-20241010-en
General
Target: Proforma Invoice.scr.exe
Size: 13KB
MD5: 3efcf6123cc2697d54be8e8d17f70eb6
SHA1: 194d4304e6fbea7bcc5203d9f5dd7c0883277fb1
SHA256: a05acadb64d5923e931a42aecca755b6a160b39f96ec1bff8611cd5116b4c926
SHA512: 73ac5727e012611904ca6be764a92db67cbea082cdaca37017e1b6db04fee6bae884aaf82dcf4eb36094012463dcfd0b5beecfc36048d87db01f17dafe7c32a9
SSDEEP: 192:Z6F7KvWISi8OXTjyr4mikpAfQZz/IJCKVxmy:ZZNSEDjyHikpAIZz/In
Score: 3/10
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: Proforma Invoice.scr.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege
pid: 804
Process: Proforma Invoice.scr.exe