Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2024, 19:59

General

  • Target
    fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
  • Size
    4.2MB
  • MD5
    f550c4956d37b788fea5b3f70cb734bf
  • SHA1
    78b033802d60ab64c0c2fc955f7479b140aefd26
  • SHA256
    fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938
  • SHA512
    26de5aee2cc8e80332329508bcac01ac79fa1af5f66d16ec04528dd2d96fad99acb5ef7f79f9cbdeab148121ef8fd6f3444ce20202e48e47a4cdf707f9d0b701
  • SSDEEP
    98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyER:TssbCGo3yW8dLfZeNjR2R

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  • Checks processor information in registry (2 TTPs, 3 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies system certificate store (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
    "C:\Users\Admin\AppData\Local\Temp\fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe"
    1
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2152

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize: 2KB
    MD5: a8a05a0265d12864c41c1e027b1f34ba
    SHA1: 816828d543e02d6373f440e5d5ca474dc1bb6f82
    SHA256: 7ff5587549114b0d99ce53b79ee17ac57b002387db6e0dfd199ce290685dac6b
    SHA512: 5620efa63bb7a19b2c3f1c9aab7733fa87286021f0ddf7ea005a44173c235e639a00f48ee4a9ed506c766d087edd6a1e17e617f826de79afb7520884caab759f
  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize: 3KB
    MD5: 62a12133cb45c8dd6f991ceebe1fa401
    SHA1: cbecde7840c1dba72f0078dfcd5da4af46e10132
    SHA256: 3a08f668aa6041aebb75aa8cbab4037bc234f7772c861c0669f2019e57d02041
    SHA512: 49ca8486b1ff0c24c3a1159ee31c405082e5101738f23f65d5b4286e15f15c74202cb72e2d987800591121fd53894fba161c00c595b28cd41e31a7897375497d
  • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
    Filesize: 4KB
    MD5: e58268817091777b710a912da3bb41ce
    SHA1: b7aeb8c74157b79d34a93b118e77e16fd5b71fad
    SHA256: c413f1e91db00c7686cf367037bc1d6ad9d8cf63de49c1cb53dfd78c3bbd12ff
    SHA512: cbeb3cb0b40e663f14cfae3b04ad98b13b1b7ad446388ff81e033b6d824a8f73d4ed7cff0e15d9573cde1ec554756c6f804284c6f6c688ef043cb0f415b2094c
  • C:\ProgramData\Norton\FSDErMgt\ErrorInstances\B6F97B6D\E64DF19B-F781-4F2B-9EDF-67A20F18DE03.dat
    Filesize: 235KB
    MD5: 07901b2503ba3055cdcaab0c3d58fe39
    SHA1: 53f06454ec5177c53f23241236ab9ee50b72299f
    SHA256: 12c0ce127c6457af8820749a9b2b72efd8ef16ddfea9e492005abbb3a0c321f0
    SHA512: 85e898267afeeeb6f12762836649c54dc5b5a2b3b0574f2b27b877bab24fc26521559d877784df48c940e9b393859db0017064b2346fa805d546de5b1f992587
  • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
    Filesize: 157B
    MD5: 56d403a9ea50e755bfb69f778613ab12
    SHA1: 4b302562183500393cec1dd3c6f63ecd8aeac577
    SHA256: 9c8f347a15920f7be0f775d3ee05b2a70f838d2ff76d6c0739ff91c4871a8073
    SHA512: 662721d534ccd01822b0a6453d51aa7b7a83be501a3326b238e8e504344f058ccd9f70815f3663ceb1edd67c2ebd63d2060096d599233295d8ecb6a41cbf4c9b
  • memory/2152-9-0x00000000002F0000-0x00000000002F1000-memory.dmp
    Filesize: 4KB
  • memory/2152-59-0x00000000002F0000-0x00000000002F1000-memory.dmp
    Filesize: 4KB