Analysis
max time kernel: 141s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 31/10/2024, 10:16
Static task: static1
Behavioral task: behavioral1
Sample: 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Resource: win7-20241023-en
General
Target: 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Size: 4.2MB
MD5: 73ff6b22a9611c18bfb03fa96fb2e3f6
SHA1: 1d90924c4416151abbaddd8969ca20af45e5d4d7
SHA256: 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04
SHA512: b292425ff13a6878c9ccdf025447515775796891d76b55ea748a33d6ca113bbc4bbe3d62e427f65641d021abf554178b10db0c6f79936db772046beeb90094d0
SSDEEP: 98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEc:TssbCGo3yW8dLfZeNjR2c
Malware Config
Signatures
Checks whether UAC is enabled
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe

Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
3292 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
3292 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
3292 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
3292 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3292 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Processes
C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
"C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe"
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3292
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2KB
MD5: 091a9f03bea883520ce2b2731127c4d0
SHA1: ab13bb472f02644cb6e4ff33c1583300b82e5694
SHA256: df8ac8b9fdedfaa6b4fc63314e755b7c58441d8283950c537fe81365a74ff83a
SHA512: 5356a31b2d799af6c8ddd9b51869b05691fa0f8f9eb1ade23c681221c3588672cfbd0b4bfbe74eaf4def815d43ba0e7305ef2c288ed23c701cebed57a84eca55

Filesize: 3KB
MD5: a0ed7abd13d129897ee8c9b933029ce9
SHA1: f7a8bec43eae858ca0907ee82a2ef1e5ac460492
SHA256: e4672c21996f00a1608627dcfc1b3eafb6eda63c5c92a9c7e0d1d7417263253d
SHA512: c767a630585210f69932165409596e62f7f1d14739fa1be1810f4ebab93392fb57f15a7fa79a3e795ca43f44123a6fa17ac44f3c244b349f41034b44a2fd7ae0

Filesize: 4KB
MD5: 9d649f428e0d4976a739dc594ed9918d
SHA1: fe80fb58827849a52bb563891f2be118f683f900
SHA256: a3685967fc39982d609974c7b9250f0586ccc9eb4eb95515e8e9b5048eacaf4e
SHA512: 6e54159605044f9301397783d00ee03e744785ca7432bddf3979d815baf9ccc0638dc3e2f02a13f66551b89234a1b6a3f06352d3a35d90fb34311924e777a890

Filesize: 157B
MD5: c804f38518e5b198860ea2a554aff081
SHA1: b59640116df2b1982b79761d140aedcf33e817a3
SHA256: ac9bd90c235e2e793b3d2320facd82b8318ab6498cac9a416d356135ad5b0426
SHA512: f5c2107ced2e5a05746a6b22398b4a214bd81db4b0ff508787dabcc3bdfca33d6c7e2837d529dbc2d9a08b86e2ddccd6d1daed6b3888660f7f3e02d7b54a9a26