Analysis

  • max time kernel
    141s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/10/2024, 10:16

General

  • Target

    8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe

  • Size

    4.2MB

  • MD5

    73ff6b22a9611c18bfb03fa96fb2e3f6

  • SHA1

    1d90924c4416151abbaddd8969ca20af45e5d4d7

  • SHA256

    8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04

  • SHA512

    b292425ff13a6878c9ccdf025447515775796891d76b55ea748a33d6ca113bbc4bbe3d62e427f65641d021abf554178b10db0c6f79936db772046beeb90094d0

  • SSDEEP

    98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEc:TssbCGo3yW8dLfZeNjR2c

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
    "C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3292

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          2KB

          MD5

          091a9f03bea883520ce2b2731127c4d0

          SHA1

          ab13bb472f02644cb6e4ff33c1583300b82e5694

          SHA256

          df8ac8b9fdedfaa6b4fc63314e755b7c58441d8283950c537fe81365a74ff83a

          SHA512

          5356a31b2d799af6c8ddd9b51869b05691fa0f8f9eb1ade23c681221c3588672cfbd0b4bfbe74eaf4def815d43ba0e7305ef2c288ed23c701cebed57a84eca55

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          3KB

          MD5

          a0ed7abd13d129897ee8c9b933029ce9

          SHA1

          f7a8bec43eae858ca0907ee82a2ef1e5ac460492

          SHA256

          e4672c21996f00a1608627dcfc1b3eafb6eda63c5c92a9c7e0d1d7417263253d

          SHA512

          c767a630585210f69932165409596e62f7f1d14739fa1be1810f4ebab93392fb57f15a7fa79a3e795ca43f44123a6fa17ac44f3c244b349f41034b44a2fd7ae0

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          4KB

          MD5

          9d649f428e0d4976a739dc594ed9918d

          SHA1

          fe80fb58827849a52bb563891f2be118f683f900

          SHA256

          a3685967fc39982d609974c7b9250f0586ccc9eb4eb95515e8e9b5048eacaf4e

          SHA512

          6e54159605044f9301397783d00ee03e744785ca7432bddf3979d815baf9ccc0638dc3e2f02a13f66551b89234a1b6a3f06352d3a35d90fb34311924e777a890

        • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

          Filesize

          157B

          MD5

          c804f38518e5b198860ea2a554aff081

          SHA1

          b59640116df2b1982b79761d140aedcf33e817a3

          SHA256

          ac9bd90c235e2e793b3d2320facd82b8318ab6498cac9a416d356135ad5b0426

          SHA512

          f5c2107ced2e5a05746a6b22398b4a214bd81db4b0ff508787dabcc3bdfca33d6c7e2837d529dbc2d9a08b86e2ddccd6d1daed6b3888660f7f3e02d7b54a9a26