Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2024, 10:30

General

  • Target

    5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe

  • Size

    4.2MB

  • MD5

    406645e4bd71f96ce8d67a1408a3c541

  • SHA1

    5cbfd462a16fe6472d063866cd228924061a1005

  • SHA256

    5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f

  • SHA512

    dcdda72507bba327c00430b9cb5459186753f19bf743fcf3a542369a893fe1e86acca401de05d892228b9e9e2ad680908548e974bab75af93b1f4fbe6e340c3f

  • SSDEEP

    98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEc:TssbCGo3yW8dLfZeNjR2c

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe
    "C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe"
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID: 4476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize
    2KB
    MD5
    02d48089875ce7c3d9d2b05aada3ab74
    SHA1
    18f39d1ce32c30b04702dad9f78971e1f53787d2
    SHA256
    1467aaa7880733417a7de20d0bb2bac9a7b975692a4310ce97b4272dab13fb81
    SHA512
    d7405a45da46b16a55db7ac17361eb2a7d4ce489989ac43c5305c362b3a76da317b81cb35842b2f52f5a15e21a035babec5b9d7be7bc96821ac9dbcf34de5ea5

  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize
    3KB
    MD5
    59dc077e13ec15850799736c40afa150
    SHA1
    4a58fed3d91f80a50efdbb2495941648b1f0b8c4
    SHA256
    6e119bd9128a979e1c845c8412bab53826218a93316e5c71f72121f00629224a
    SHA512
    7a7726290768c005ef18bfa5d37d61a774886b8ad8b1aed3b46ef0f36d1b68de1e13aa50582ca0683ce8c4354c2c3667583ee6b10ec3c06f585687624fb4387c

  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize
    4KB
    MD5
    f5c9bc87f394fc20de455ab1ff967c91
    SHA1
    0bc9e6229b4e76381b80bad9abf987ecbdaa4975
    SHA256
    9985b68d73f60ee1e6a3263029c283ee46ba10de02a170cbeeb5923f1f4a44a0
    SHA512
    99d795def0ed728757e5c55499ba67327ccd381820a4c623ca35a34390433cc35b562ea371fae4391e7a9426008f9578a606407c7c314b819b3e4879ccdfd2a6

  • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
    Filesize
    157B
    MD5
    416c504e9f565b64b7bdb2ad198ba1eb
    SHA1
    942abed73a96ece8a10d0334e14ee8fdc8e5ab66
    SHA256
    bee0dfaa86fc681f644cc13cefc13bafb2f45d2b1335551daf241d1116ea8017
    SHA512
    96b8b076a7834c6a4d694dcdada571ead85d72e0d0407a9afd6afcf83012d0f0b3b24ca7f299ac703d19d4cd06a5f42f31a70d8e65efd6fe3dbbff3a98c6d906