Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2024, 10:03

General

  • Target

    Proforma Invoice.scr.exe

  • Size

    13KB

  • MD5

    3efcf6123cc2697d54be8e8d17f70eb6

  • SHA1

    194d4304e6fbea7bcc5203d9f5dd7c0883277fb1

  • SHA256

    a05acadb64d5923e931a42aecca755b6a160b39f96ec1bff8611cd5116b4c926

  • SHA512

    73ac5727e012611904ca6be764a92db67cbea082cdaca37017e1b6db04fee6bae884aaf82dcf4eb36094012463dcfd0b5beecfc36048d87db01f17dafe7c32a9

  • SSDEEP

    192:Z6F7KvWISi8OXTjyr4mikpAfQZz/IJCKVxmy:ZZNSEDjyHikpAIZz/In

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe
    "C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/804-0-0x000000007408E000-0x000000007408F000-memory.dmp

    Filesize

    4KB

  • memory/804-1-0x00000000012E0000-0x00000000012E8000-memory.dmp

    Filesize

    32KB

  • memory/804-2-0x0000000074080000-0x000000007476E000-memory.dmp

    Filesize

    6.9MB

  • memory/804-3-0x000000007408E000-0x000000007408F000-memory.dmp

    Filesize

    4KB

  • memory/804-4-0x0000000074080000-0x000000007476E000-memory.dmp

    Filesize

    6.9MB
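The dump names above encode the PID and the virtual address range each file was taken from, so the listed file sizes can be cross-checked and the dumps de-duplicated before anyone opens them. The script below is an added example, not part of the sandbox report: it parses the five names exactly as listed, recomputes each size from the address range, renders it the way the report does, and reports which dumps are single pages lying inside a larger mapping of the same process. The naming pattern (`memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp`) and the KB/MB rendering rule are assumptions inferred from the entries on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Dump entries copied from the report's Downloads list, paired with the
# file size shown beside each one (constructed input for this example).
REPORT_DUMPS: List[Tuple[str, str]] = [
    ("memory/804-0-0x000000007408E000-0x000000007408F000-memory.dmp", "4KB"),
    ("memory/804-1-0x00000000012E0000-0x00000000012E8000-memory.dmp", "32KB"),
    ("memory/804-2-0x0000000074080000-0x000000007476E000-memory.dmp", "6.9MB"),
    ("memory/804-3-0x000000007408E000-0x000000007408F000-memory.dmp", "4KB"),
    ("memory/804-4-0x0000000074080000-0x000000007476E000-memory.dmp", "6.9MB"),
]

# Assumed naming scheme: memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp (16 hex digits each)
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]{16})"
    r"-0x(?P<end>[0-9A-Fa-f]{16})-memory\.dmp$"
)
PAGE = 0x1000  # x86/x64 page size; dump boundaries are expected to be page-aligned


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, other: "DumpRegion") -> bool:
        return self.start <= other.start and other.end <= self.end


def parse_dump_name(name: str) -> DumpRegion:
    """Parse one dump file name; reject names that do not fit the scheme or are unaligned."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory-dump name: {name}")
    r = DumpRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    if r.end <= r.start or r.start % PAGE or r.end % PAGE:
        raise ValueError(f"bad or unaligned range in {name}")
    return r


def human_size(n: int) -> str:
    """Render bytes the way the report does (assumed): whole KB below 1 MiB, one decimal MB above."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    kb = n / 1024
    return f"{kb:.0f}KB" if kb.is_integer() else f"{kb:.1f}KB"


def check_sizes(entries: List[Tuple[str, str]]) -> List[Tuple[str, int, str, bool]]:
    """For each entry return (name, computed_bytes, reported_size, matches)."""
    out = []
    for name, reported in entries:
        r = parse_dump_name(name)
        out.append((name, r.size, reported, human_size(r.size) == reported))
    return out


def nested_dumps(entries: List[Tuple[str, str]]) -> List[Tuple[int, int]]:
    """(inner_index, outer_index) pairs where a smaller dump lies inside a larger one of the same PID."""
    regions = [parse_dump_name(n) for n, _ in entries]
    pairs = []
    for a in regions:
        for b in regions:
            if a is not b and a.pid == b.pid and a.size < b.size and b.contains(a):
                pairs.append((a.index, b.index))
    return sorted(pairs)


def distinct_regions(entries: List[Tuple[str, str]]) -> List[Tuple[int, int]]:
    """Unique (start, end) ranges, so repeated dumps of the same mapping are counted once."""
    return sorted({(r.start, r.end) for r in (parse_dump_name(n) for n, _ in entries)})


if __name__ == "__main__":
    for name, size, reported, ok in check_sizes(REPORT_DUMPS):
        print(f"{'OK ' if ok else 'BAD'} {size:>8} bytes  reported {reported:<6} {name}")
    print("distinct regions:", [(hex(s), hex(e)) for s, e in distinct_regions(REPORT_DUMPS)])
    print("page dumps inside larger mappings (inner, outer):", nested_dumps(REPORT_DUMPS))
```

Run as-is, every reported size agrees with its address range (0x7476E000 - 0x74080000 is 7,266,304 bytes, which rounds to 6.9MB), only three distinct regions exist among the five files, and the two 4KB dumps (index 0 and 3) are the same single page inside the 6.9MB mapping captured at index 2 and 4. That tells a triager there are effectively three artifacts to examine, not five, and that the one-page dumps are worth diffing against the larger ones rather than analysed on their own.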