Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2024, 10:07

General

  • Target
    5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
  • Size
    4.2MB
  • MD5
    d5df01ac28fd85f172bc6f110617d75a
  • SHA1
    a2dcc19d88ba09da63a3683cff99e84e5e340060
  • SHA256
    5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c
  • SHA512
    1964bb1a660809bdca9d564de3a9daf662cbf9e76def4c5799eed001c8ee6a3d90d7267b3e138bc2f9982a2dc1e43db235ca218f6a05200713478d85ae10200f
  • SSDEEP
    98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyE:TssbCGo3yW8dLfZeNjR2

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe
    "C:\Users\Admin\AppData\Local\Temp\5e80cef604a735e68c96159561b816076e9d7b21fb57be0be2c61e872cd5080c.exe"
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4836

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize
    2KB
    MD5
    0917648c5506d5199620dea029a7b73b
    SHA1
    7ed1f44b87eb294ae8b8fe77bb80b192368f08f2
    SHA256
    37edb3478151f98371945a9e8ff1de7c16bb291aefb6941009c13c6a2af41792
    SHA512
    0847dad263d22dfc7c015554530e241c4642a042302af917315c91a2c39f725ed13ada7ba55f0d5bcedb647ee7b4d766ef9af7aeb812cae4816298e54758487f

  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize
    3KB
    MD5
    2f21dddeee463aa139db3b7ff07127ae
    SHA1
    90e325e2e94bd6c87f12b5d8e48725c3c1006144
    SHA256
    ee738557ae8a9be9505973864b408612e5f2c1db7ae60389235d1b6cdec68267
    SHA512
    09af4551eb917d99cb9e16c76b9f318af6bc49e1fa716a93b175cdfb302971699de4d25a9b7dacd423052af1f11b2ceb6fa3f5c0501ed0abf20c522125af75db

  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize
    4KB
    MD5
    e0b066a650ca8010399a92b56e6296a9
    SHA1
    1c158229973fcc1c1bdfbda8210d9d25ec02a8ad
    SHA256
    3e497ab55825ac20f87f8a3c405c6ceb0e55d0de4c543a55099c6fd027dddc5e
    SHA512
    d9c62e2c3ce0406e1727e8d0d8979615d00281d2a2cf46995bfa34feba5e4ab1eaa1bf79f7949c46ec31dc5449820ec1de2903e89f9f6d83d5bc29564b015bd6

  • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
    Filesize
    157B
    MD5
    e54269aef44f6ada186efbe7fc132c1b
    SHA1
    102b669696fbc374fd21d69a6c8187b1902f5250
    SHA256
    6266c1a991d9d4d40223bd31e97bdd96446214f7d3d5f36d6f02271b47c358c4
    SHA512
    69df2c87530bcc344c43116a6ad5d2290bd78be2bed25d819cbd017d6a31cd6aaaa918b9ae550085f64332a96468a281a0a52f42a31834abbd6a58ca7da1915e