Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
08/11/2024, 14:47
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241023-en
General
-
Target
file.exe
-
Size
349KB
-
MD5
a0e20498bac13d9b370a901610882f82
-
SHA1
e654ffe53da20163f206cb4f12b11a2b012a1a4a
-
SHA256
b3c0234f9ddc1f0491dcae04ac4ef320d59b665fd4b863e73b365f0e848500ad
-
SHA512
11ef23679fc648019248a244c732951b413b23a2294ec4dc9d7a32f40852fdacaa5fc5f6d6c29b0316b230a8c4f4c21b2481dc13bf012ffd23b362271245b8d8
-
SSDEEP
6144:XKeGZIHGo14D9O0rmGO2d0d18gSwk4X7LXAeIKynOy1+21wl+1Xevlp:aec8Gd9O0rmbfM4XfynOa1wGe
Malware Config
Signatures
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language file.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2064 file.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b