Analysis
max time kernel: 139s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/10/2024, 10:07
Static task: static1
Behavioral task: behavioral1
Sample: 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
Resource: win7-20241010-en
General
Target: 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
Size: 4.2MB
MD5: d5df01ac28fd85f172bc6f110617d75a
SHA1: a2dcc19d88ba09da63a3683cff99e84e5e340060
SHA256: 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c
SHA512: 1964bb1a660809bdca9d564de3a9daf662cbf9e76def4c5799eed001c8ee6a3d90d7267b3e138bc2f9982a2dc1e43db235ca218f6a05200713478d85ae10200f
SSDEEP: 98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyE:TssbCGo3yW8dLfZeNjR2
Malware Config
Signatures
Checks whether UAC is enabled
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
4836 | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
4836 | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
4836 | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
4836 | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 4836 | 5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
Processes
C:\Users\Admin\AppData\Local\Temp\5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe"
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 4836
Network
MITRE ATT&CK Enterprise v15
Downloads