Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/10/2024, 10:30
Static task: static1
Behavioral task: behavioral1
Sample: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe
Resource: win7-20240903-en
General
Target: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe
Size: 4.2MB
MD5: 406645e4bd71f96ce8d67a1408a3c541
SHA1: 5cbfd462a16fe6472d063866cd228924061a1005
SHA256: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f
SHA512: dcdda72507bba327c00430b9cb5459186753f19bf743fcf3a542369a893fe1e86acca401de05d892228b9e9e2ad680908548e974bab75af93b1f4fbe6e340c3f
SSDEEP: 98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEc:TssbCGo3yW8dLfZeNjR2c
Malware Config
Signatures
Checks whether UAC is enabled
Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
Enumerates system info in registry 2 TTPs 3 IoCs
Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe)
Suspicious behavior: EnumeratesProcesses 4 IoCs
PID 4476: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe (4 entries, all from the same process)
Suspicious use of AdjustPrivilegeToken 1 IoCs
Token: SeDebugPrivilege, PID 4476, process: 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe"
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4476
Network
MITRE ATT&CK Enterprise v15
Downloads