Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
09/11/2024, 10:27
Static task
static1
Behavioral task
behavioral1
Sample
1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Resource
win10v2004-20241007-en
General
-
Target
1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
-
Size
1.1MB
-
MD5
93c5c7bbe7cf155b0bfc0daee573f6ef
-
SHA1
70bba9d4d748ca67fe0d7b8a9f426a7bb09c10b5
-
SHA256
1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2
-
SHA512
524a0b7624186593af0164d72f22fbeffad9c5eac4f157cb5ad601c655e61db39a3143e5dc43c0f2bd18f1fca4f495f032b5572d4c4d588ee43dbc59e1175904
-
SSDEEP
24576:AY2H2e6Tyrbtu1608ync1zwUGvdVILdPDF8n8vUy+MxLQ+HwK8Ae7:582l51HnsDmVQPDFWsb7HyB
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 1104 1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1104 1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1104 1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe"C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1104