Analysis

  • max time kernel
    139s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2024, 10:27

General

  • Target
    bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  • Size
    4.2MB
  • MD5
    89df346c0daab94e62d34a9bb9f36b33
  • SHA1
    d8a1ca62dd6dae42481c76961bbd88a1234dd925
  • SHA256
    bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3
  • SHA512
    84a0f6c7ac320294a636312ac432dd645d5afb593dfb533fa04b52c9675cfaf998a8c965d1a8b696408f212b49b8505fb08a6ab48ac4d3d98c45d887c66767e1
  • SSDEEP
    98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEY:TssbCGo3yW8dLfZeNjR2Y

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
    "C:\Users\Admin\AppData\Local\Temp\bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3376

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
          Filesize: 2KB
          MD5: 6c320a254ca94f4a2d64088d1eac6677
          SHA1: 895863a64538dd9db66f6c580b7bcc3b8b99fd0c
          SHA256: 5a3f4b09f11730be53a9e0b828c8d9168e8dbd3bf29b58666e318efb89f04a22
          SHA512: a5145f8aeb6484878eec2e47af457fa9e0a7f598b099004e94e86ae19068d7b2113266b8b5ddd5c6d40d7416d09e40abf322c0ca079b76b561bcddf038cf50f2

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
          Filesize: 4KB
          MD5: 0bf0f47d1e67a6c42e48b3cc5145b834
          SHA1: 70f2c976a696e50bf569113a72a1e651fc41609a
          SHA256: 0de36c3a4ddc4a5cdc7c8bbbf847472a7c517a2aa9ce0cee8c6652811aae2665
          SHA512: c3f1575a7eb24b895609bf0e8882e6a3ee7679e327eb855ca0d1dd6f9922d97e2f32bce8fc074a3276655aeb3d2e35630558cc59aa957e6ff56381171254ab0f

        • C:\ProgramData\Norton\FSDErMgt\ErrorInstances\A67AD9B2\67BA37BE-1FA3-4CEF-B2E8-50A5B1663166.dat
          Filesize: 246KB
          MD5: b0fe2e9c4f32b363c5e5fd0d09e81c27
          SHA1: 20cb145bc87133e11dedeaa1812ff40a32cbf8f7
          SHA256: 5794bd1f6c0460576c971aaedea0228f4fdc3410ed19bc619836629517b547b6
          SHA512: 7d2f4caa74a48a0be7e74362e2af303727ef569d56a83fc2d8a331113d73603c345186ffd42a7ba4416b984bc6aaf717d814a7c3e25707559554d1ff74dda2ec

        • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
          Filesize: 157B
          MD5: d63ac3ce59eb0dc4a1362af3941f94b7
          SHA1: ceede13e358827cbec65e6c49567361bca06f784
          SHA256: 1e7c140a98003fc763aec736d866c215a7415f732522da2599a3fb9f99922ac1
          SHA512: e2c2c847d1f998f94e877752ec2b576d6046fd17c9e00f5348cb2adcbfd2da2358e5762ef0b31eca7c08120ad793ae4a064b601f4b84abea2eff0ddc68ffed2e