Analysis
max time kernel: 143s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/10/2024, 19:59
Static task: static1
Behavioral task: behavioral1
Sample: fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Resource: win7-20240903-en
General
Target: fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Size: 4.2MB
MD5: f550c4956d37b788fea5b3f70cb734bf
SHA1: 78b033802d60ab64c0c2fc955f7479b140aefd26
SHA256: fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938
SHA512: 26de5aee2cc8e80332329508bcac01ac79fa1af5f66d16ec04528dd2d96fad99acb5ef7f79f9cbdeab148121ef8fd6f3444ce20202e48e47a4cdf707f9d0b701
SSDEEP: 98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyER:TssbCGo3yW8dLfZeNjR2R
Malware Config
Signatures
Checks whether UAC is enabled 1 IoCs
Description | IoC | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description | IoC | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Description | IoC | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
Description | IoC | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
PID | Process
4056 | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
4056 | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
4056 | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
4056 | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Description | PID | Process
Token: SeDebugPrivilege | 4056 | fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Processes
Path: C:\Users\Admin\AppData\Local\Temp\fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\fcbda3a41e686211451e42402a4a32c3d7910da3df02ce496523f5da3814e938.exe"
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 4056
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 2KB
MD5: e19572a66ba125caf96307f8bcc96aec
SHA1: 8515d754cbcb3d00730f90d29fb5b4b8cd68d746
SHA256: e574fe1f947fd62e9fdf6fda70013d4fc4f30480e97730172ba4b74c71f3bbce
SHA512: e1f4f32b9ca3b8b645fe316de4cac3504eb63943b74713025ce9ff840e96b641b1e870c8fab359aabdfb0ff7c0710622da67a5c3d81db1342c69d75fe00bb927
-
Filesize: 3KB
MD5: b06dc0bd33d7e2afc4d895e50fd61164
SHA1: 0a61d25f815b0e4628530381ff3dcbe462a84cf9
SHA256: 79afdbd4f5023b25e5d177eb11683d52a4571d763070752b31c5b9b223846d93
SHA512: 1ee13d2d43cfa3ced20d65c7075393d132c69bd0ffc6ec1c9cd30aab9aed680882bf63721e85100769044325a7429316a82fbe737e119d8af8fd2161747e5c01
-
Filesize: 4KB
MD5: 0f4fd4e2f16d321cc4b2be053c2219bb
SHA1: 2c8da002f1e67120510a1cd0a04e58bfae106aeb
SHA256: 1f8e516984de7927d8e9a3fd42308739b24d603a7f89ab7831f3c0bd5ac5366d
SHA512: d36190f8cf52bf15e7bd276d9531c4170fe863a71cd2ca6bf6723b5f61ecce550696995d97b1a6cf5dd43afebd72cc7f1bbfa36090116653d2e2355ce365eebf
-
Filesize: 246KB
MD5: 4d1de50347fff92d30a51134b256c31e
SHA1: ff5016ad10a203841aa8ed0ee1545993b475a172
SHA256: a2270ce743fb34c312581b5a4cd74f559793c315f566f615dfe1c62b18633066
SHA512: b910c12237f0677e15cd61215305dc3423c351f35538b77d5dd651192b37dce686608f627dd1841361e87770f8de89141e851c1deb4edaf271710dd1ebfb3da2