Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/11/2024, 10:27

General

  • Target

    1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe

  • Size

    1.1MB

  • MD5

    93c5c7bbe7cf155b0bfc0daee573f6ef

  • SHA1

    70bba9d4d748ca67fe0d7b8a9f426a7bb09c10b5

  • SHA256

    1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2

  • SHA512

    524a0b7624186593af0164d72f22fbeffad9c5eac4f157cb5ad601c655e61db39a3143e5dc43c0f2bd18f1fca4f495f032b5572d4c4d588ee43dbc59e1175904

  • SSDEEP

    24576:AY2H2e6Tyrbtu1608ync1zwUGvdVILdPDF8n8vUy+MxLQ+HwK8Ae7:582l51HnsDmVQPDFWsb7HyB

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
    "C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4860-0-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-1-0x00007FFE41AD0000-0x00007FFE41CC5000-memory.dmp (Filesize: 2.0MB)
  • memory/4860-5-0x00000000008C0000-0x00000000008C1000-memory.dmp (Filesize: 4KB)
  • memory/4860-4-0x00000000025C0000-0x0000000002606000-memory.dmp (Filesize: 280KB)
  • memory/4860-3-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-2-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-6-0x0000000075D50000-0x0000000075F65000-memory.dmp (Filesize: 2.1MB)
  • memory/4860-8-0x00007FFE41AD0000-0x00007FFE41CC5000-memory.dmp (Filesize: 2.0MB)
  • memory/4860-7-0x0000000076930000-0x0000000076BB1000-memory.dmp (Filesize: 2.5MB)
  • memory/4860-9-0x0000000076D60000-0x0000000076E43000-memory.dmp (Filesize: 908KB)
  • memory/4860-10-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-11-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-12-0x0000000073090000-0x0000000073119000-memory.dmp (Filesize: 548KB)
  • memory/4860-13-0x0000000076210000-0x00000000767C3000-memory.dmp (Filesize: 5.7MB)
  • memory/4860-14-0x0000000005700000-0x0000000005D18000-memory.dmp (Filesize: 6.1MB)
  • memory/4860-15-0x0000000005090000-0x00000000050A2000-memory.dmp (Filesize: 72KB)
  • memory/4860-16-0x00000000051F0000-0x00000000052FA000-memory.dmp (Filesize: 1.0MB)
  • memory/4860-17-0x0000000005120000-0x000000000515C000-memory.dmp (Filesize: 240KB)
  • memory/4860-18-0x0000000005160000-0x00000000051AC000-memory.dmp (Filesize: 304KB)
  • memory/4860-19-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-20-0x00007FFE41AD0000-0x00007FFE41CC5000-memory.dmp (Filesize: 2.0MB)
  • memory/4860-23-0x0000000076CF0000-0x0000000076D14000-memory.dmp (Filesize: 144KB)
  • memory/4860-24-0x00000000759A0000-0x0000000075A1B000-memory.dmp (Filesize: 492KB)
  • memory/4860-25-0x0000000076EB0000-0x0000000076FD0000-memory.dmp (Filesize: 1.1MB)
  • memory/4860-22-0x0000000075D50000-0x0000000075F65000-memory.dmp (Filesize: 2.1MB)
  • memory/4860-21-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-26-0x0000000075F70000-0x000000007602F000-memory.dmp (Filesize: 764KB)
  • memory/4860-29-0x0000000075570000-0x00000000755C2000-memory.dmp (Filesize: 328KB)
  • memory/4860-27-0x0000000076070000-0x000000007612F000-memory.dmp (Filesize: 764KB)
  • memory/4860-31-0x0000000076BC0000-0x0000000076C56000-memory.dmp (Filesize: 600KB)
  • memory/4860-32-0x0000000075860000-0x00000000758A5000-memory.dmp (Filesize: 276KB)
  • memory/4860-30-0x0000000076930000-0x0000000076BB1000-memory.dmp (Filesize: 2.5MB)
  • memory/4860-35-0x0000000074DB0000-0x0000000074DB8000-memory.dmp (Filesize: 32KB)
  • memory/4860-34-0x0000000074DC0000-0x0000000074DCF000-memory.dmp (Filesize: 60KB)
  • memory/4860-33-0x0000000074DD0000-0x0000000074E5D000-memory.dmp (Filesize: 564KB)
  • memory/4860-38-0x0000000074530000-0x00000000745DB000-memory.dmp (Filesize: 684KB)
  • memory/4860-42-0x0000000076050000-0x0000000076069000-memory.dmp (Filesize: 100KB)
  • memory/4860-43-0x000000006F750000-0x000000006F960000-memory.dmp (Filesize: 2.1MB)
  • memory/4860-44-0x000000006F5C0000-0x000000006F74D000-memory.dmp (Filesize: 1.6MB)
  • memory/4860-48-0x000000006E730000-0x000000006E835000-memory.dmp (Filesize: 1.0MB)
  • memory/4860-47-0x00000000767D0000-0x0000000076833000-memory.dmp (Filesize: 396KB)
  • memory/4860-46-0x000000006F460000-0x000000006F543000-memory.dmp (Filesize: 908KB)
  • memory/4860-45-0x000000006F550000-0x000000006F5BB000-memory.dmp (Filesize: 428KB)
  • memory/4860-41-0x00000000757F0000-0x00000000757F6000-memory.dmp (Filesize: 24KB)
  • memory/4860-40-0x0000000073090000-0x0000000073119000-memory.dmp (Filesize: 548KB)
  • memory/4860-36-0x0000000074600000-0x0000000074DB0000-memory.dmp (Filesize: 7.7MB)
  • memory/4860-37-0x00000000745E0000-0x00000000745F4000-memory.dmp (Filesize: 80KB)
  • memory/4860-49-0x0000000000440000-0x0000000000685000-memory.dmp (Filesize: 2.3MB)
  • memory/4860-64-0x0000000074600000-0x0000000074DB0000-memory.dmp (Filesize: 7.7MB)